REDCap Developer Tools:
Documentation for Plugins, Hooks, & External Modules

REDCap Version 14.9.1
REDCap::filterHtml
(REDCap >= 5.11.0)
REDCap::filterHtml — Filters a string of text to remove any potentially harmful HTML tags or potentially harmful attributes inside allowable HTML tags
Description
string REDCap::filterHtml ( string $string )
Filter a string of text to remove any potentially harmful HTML tags (e.g., <script>, <embed>) or potentially harmful attributes inside allowable HTML tags (e.g., <a onclick="..." onselect="...">...</a>). The main application of this method is outputting to a webpage text that may contain HTML, where you want the HTML tags to be interpreted properly by the web browser while any potentially harmful tags in the text are removed, such as <script>, which can be used maliciously to attempt Cross-site Scripting (XSS). If an allowable HTML tag, such as <a>, contains attributes deemed potentially harmful, the method does not remove the whole tag; it removes only those attributes from inside the tag.

NOTE: The HTML tags that are allowable and will NOT get filtered from the text are <label><pre><p><a><br><br/><center><font><b><i><u><h3><h2><h1><hr><table><tr><th><td><img><span><div><em><strong><acronym>.
Parameters
string
Text string to be filtered.
Return Values
Returns the filtered string.
Examples
Example #1:
This example shows how to print a string of text on a webpage so that allowable HTML tags get interpreted properly by the browser while potentially malicious tags are filtered out. The output of the example below should be the following:

Here's my bold text. Attempt to perform cross-site scripting with alert('XSS successful!')
// Set the text value
$text = "Here's my <b>bold</b> text. Attempt to perform cross-site scripting
         with <script>alert('XSS successful!')</script>";

// Filter the text and output it to the webpage
print REDCap::filterHtml($text);
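
A regression check for plugin or hook output, added here as an example and not part of REDCap or its documentation: it parses filtered markup and reports any tag outside the allowlist in the NOTE above and any on* event-handler attribute, the two things the description says the method removes. The helper name audit_filtered_html and the sample strings are constructed for this example, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added example, not REDCap code. Tag allowlist copied from the NOTE on this page.
const ALLOWED_TAGS = ['label', 'pre', 'p', 'a', 'br', 'center', 'font', 'b', 'i', 'u',
    'h3', 'h2', 'h1', 'hr', 'table', 'tr', 'th', 'td', 'img', 'span', 'div', 'em',
    'strong', 'acronym'];

// Hypothetical helper: list what should not have survived filtering.
// Returns an empty array when nothing outside the allowlist is found.
function audit_filtered_html(string $filtered): array
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // collect parser warnings quietly
    $doc->loadHTML('<div>' . $filtered . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, ['html', 'head', 'body'], true)) {
            continue; // scaffolding added by the HTML parser, not part of the input
        }
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            $findings[] = "disallowed tag <$tag>";
        }
        foreach ($el->attributes as $attr) {
            if (stripos($attr->nodeName, 'on') === 0) {
                $findings[] = "event handler {$attr->nodeName} on <$tag>";
            }
        }
    }
    return $findings;
}

// Constructed samples covering both behaviours in the Description.
$samples = [
    "Here's my <b>bold</b> text with <script>alert('XSS successful!')</script>",
    '<a href="https://example.org" onclick="..." onselect="...">link</a>',
];
foreach ($samples as $raw) {
    // Inside a plugin or hook the documented method is used; outside REDCap the raw
    // sample is audited unfiltered, so the findings show what the check detects.
    $out = class_exists('REDCap') ? REDCap::filterHtml($raw) : $raw;
    $findings = audit_filtered_html($out);
    echo ($findings ? 'FAIL: ' . implode('; ', $findings) : 'OK') . PHP_EOL;
}
```

The audit covers only the two categories named in the Description; it does not inspect attribute values such as link targets.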
REDCap 14.9.1 - © 2024 Vanderbilt University