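/**
 * Neutralise characters commonly used to build HTML/JS injection payloads.
 *
 * Two modes, chosen by $parameters[0] (or $this->_xssByReplace when no
 * parameter is given):
 *  - truthy: each risky character is swapped for a visually similar
 *    non-ASCII character, so the text stays readable;
 *  - falsy:  each risky character is replaced by a single space.
 *
 * This is an input-time character blocklist. It does not replace
 * context-aware output encoding (e.g. htmlspecialchars() for HTML) at the
 * point where the value is rendered, and values filtered here should still
 * be treated as untrusted by templates.
 *
 * @param string $value      Raw value to filter.
 * @param array  $parameters Optional; index 0 overrides the replace/strip mode.
 *
 * @return string The filtered value ('' is returned untouched).
 */
protected function _filter_xss($value, $parameters)
{
    if ($value === '') {
        return $value;
    }

    $xssReplace = count($parameters) === 0 ? $this->_xssByReplace : $parameters[0];

    if ($xssReplace) {
        // NOTE(review): the page shows ASCII-to-ASCII pairs for < > & # and an
        // unterminated '\' literal, which looks like full-width characters lost
        // in extraction. They are restored here as full-width look-alikes,
        // matching the typographic quotes that survived; confirm against upstream.
        $lookalikes = [
            '<'  => '＜',
            '>'  => '＞',
            '\'' => '‘',
            '"'  => '“',
            '&'  => '＆',
            '\\' => '＼',
            '#'  => '＃',
        ];
        $value = strtr($value, $lookalikes);
    } else {
        // str_replace() with a string needle only matches that exact 7-character
        // sequence; an array of needles is required to strip each character.
        $value = str_replace(['<', '>', '\'', '"', '&', '\\', '#'], ' ', $value);
    }

    // Kept from the original: blank out \u / \U escape prefixes. Both branches
    // above already remove every backslash, so this is a second line of defence.
    // Author's reference: http://zone.wooyun.org/content/1253
    $value = str_replace(['\\u', '\\U'], ' ', $value);

    return $value;
}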