Class Phalcon\Escaper

Namespace Phalcon
Uses Phalcon\Di\DiInterface, Phalcon\Escaper\EscaperInterface, Phalcon\Escaper\Exception
Implements EscaperInterface

Phalcon\Escaper

Escapes different kinds of text so they can be output safely. Using this component helps prevent XSS attacks.

This component only works with UTF-8. The PREG extension needs to be compiled with UTF-8 support.

$escaper = new \Phalcon\Escaper();

$escaped = $escaper->escapeCss("font-family: <Verdana>");

echo $escaped; // font\2D family\3A \20 \3C Verdana\3E
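The following added example (not part of the Phalcon documentation) writes one untrusted value into five output contexts, each with the matching method of this class, and then shows what setDoubleEncode() changes. It assumes the Phalcon extension is loaded; the sample input, the variable names and the /search path are constructed for illustration.

```php
<?php
// Added example, not from the Phalcon documentation.
// Assumes the Phalcon extension is loaded.

use Phalcon\Escaper;

$escaper = new Escaper();

// Constructed sample input containing characters that are significant in
// HTML, attribute, JavaScript, CSS and URL contexts.
$untrusted = "\"><b title='x'>Tom & Jerry</b>";

// Escape per output context: the method must match where the value lands.
$asText  = $escaper->escapeHtml($untrusted);     // element content
$asAttr  = $escaper->escapeHtmlAttr($untrusted); // quoted attribute value
$asJs    = $escaper->escapeJs($untrusted);       // inside a JS string literal
$asCss   = $escaper->escapeCss($untrusted);      // inside a CSS string
$asQuery = $escaper->escapeUrl($untrusted);      // URL component (rawurlencode)
?>
<p><?= $asText ?></p>
<input type="text" value="<?= $asAttr ?>">
<a href="/search?q=<?= $asQuery ?>">search</a>
<script>var displayName = "<?= $asJs ?>";</script>
<style>.user::after { content: "<?= $asCss ?>"; }</style>
<?php
// double_encode: a value that already contains an entity (constructed sample).
$stored = "Tom &amp; Jerry <b>";

// Default (true): the existing "&amp;" is encoded a second time.
$escaper->setDoubleEncode(true);
echo $escaper->escapeHtml($stored), "\n";

// false: existing entities are left alone, raw "<" and ">" are still escaped.
$escaper->setDoubleEncode(false);
echo $escaper->escapeHtml($stored), "\n";
```

escapeHtml() output is only safe as element content; a value placed in a script block, a style block or a URL needs the method for that context, as in the template above.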

Properties

/**
 * @var bool
 */
protected doubleEncode = true;

/**
 * @var string
 */
protected encoding = "utf-8";

/**
 * @var int
 */
protected flags = 3;

Methods

public function attributes( string $attribute = null ): string;

Escapes an HTML attribute string

public function css( string $input ): string;

Escapes CSS strings by replacing non-alphanumeric characters with their hexadecimal escaped representation

final public function detectEncoding( string $str ): string | null;

Detects the character encoding of a string to be handled by an encoder. Includes special handling for chr(172) and chr(128) to chr(159), which mb_detect_encoding() fails to detect.

public function escapeCss( string $css ): string;

Escapes CSS strings by replacing non-alphanumeric characters with their hexadecimal escaped representation

public function escapeHtml( string $text = null ): string;

Escapes an HTML string. Internally uses htmlspecialchars

public function escapeHtmlAttr( string $attribute = null ): string;

Escapes an HTML attribute string

public function escapeJs( string $js ): string;

Escapes JavaScript strings by replacing non-alphanumeric characters with their hexadecimal escaped representation

public function escapeUrl( string $url ): string;

Escapes a URL. Internally uses rawurlencode

public function getEncoding(): string;

Returns the internal encoding used by the escaper

public function getFlags(): int;

Returns the current flags for htmlspecialchars

public function html( string $input = null ): string;

Escapes an HTML string. Internally uses htmlspecialchars

public function js( string $input ): string;

Escapes JavaScript strings by replacing non-alphanumeric characters with their hexadecimal escaped representation

final public function normalizeEncoding( string $str ): string;

Utility to normalize a string’s encoding to UTF-32.

public function setDoubleEncode( bool $doubleEncode ): void;

Sets the double_encode value to be used by the escaper

$escaper->setDoubleEncode(false);

public function setEncoding( string $encoding ): void;

Sets the encoding to be used by the escaper

$escaper->setEncoding("utf-8");

public function setFlags( int $flags ): Escaper;

Sets the HTML quoting type for htmlspecialchars

$escaper->setFlags(ENT_XHTML);

public function setHtmlQuoteType( int $flags ): void;

Sets the HTML quoting type for htmlspecialchars

$escaper->setHtmlQuoteType(ENT_XHTML);

public function url( string $url ): string;

Escapes a URL. Internally uses rawurlencode

Interface Phalcon\Escaper\EscaperInterface

Namespace Phalcon\Escaper

Interface for Phalcon\Escaper

Methods

public function escapeCss( string $css ): string;

Escapes CSS strings by replacing non-alphanumeric characters with their hexadecimal representation

public function escapeHtml( string $text ): string;

Escapes an HTML string

public function escapeHtmlAttr( string $text ): string;

Escapes an HTML attribute string

public function escapeJs( string $js ): string;

Escapes JavaScript strings by replacing non-alphanumeric characters with their hexadecimal representation

public function escapeUrl( string $url ): string;

Escapes a URL. Internally uses rawurlencode

public function getEncoding(): string;

Returns the internal encoding used by the escaper

public function setEncoding( string $encoding ): void;

Sets the encoding to be used by the escaper

public function setHtmlQuoteType( int $quoteType ): void;

Sets the HTML quoting type for htmlspecialchars

Class Phalcon\Escaper\Exception

Namespace Phalcon\Escaper
Extends \Phalcon\Exception

Exceptions thrown in Phalcon\Escaper will use this class