Whitelisting Tags in Module Output
Whitelisting Tags in Module OutputCategory
Drupal Version
Here's how to whitelist HTML tags in your module output that are normally stripped out by the XSS filter:
$tagList = array('input'); return array( '#markup' => $buffer, '#allowed_tags' => array_merge(\Drupal\Component\Utility\Xss::getAdminTagList(), $tagList), );
And here's how to allow data URLs in your module output for displaying images with data that you've already pulled in from a data source (code updated 2017-12-11 to a better format that avoids whitescreening in certain use cases):
$allowedProtocols = \Drupal\Component\Utility\URLHelper::getAllowedProtocols(); $allowedProtocols[] = 'data'; \Drupal\Component\Utility\URLHelper::setAllowedProtocols($allowedProtocols);