Phalcon escaper

NOTE

All classes are prefixed with Phalcon

Escaper


  • Namespace

    • Phalcon
  • Uses

    • Phalcon\Escaper\EscaperInterface
  • Extends

  • Implements

    • EscaperInterface

Phalcon\Escaper

Escapes different kinds of text so they can be output safely. Using this component helps prevent XSS attacks.

This component only works with UTF-8. The PREG extension needs to be compiled with UTF-8 support.

$escaper = new \Phalcon\Escaper();

$escaped = $escaper->escapeCss("font-family: <Verdana>");

echo $escaped; // font\2D family\3A \20 \3C Verdana\3E

Properties

/**
 * @var bool
 */
protected $doubleEncode = true;

/**
 * @var string
 */
protected $encoding = "utf-8";

/**
 * @var int
 */
protected $flags = 3;

Methods

public function attributes( string $attribute = null ): string;
Escapes an HTML attribute string

public function css( string $input ): string;
Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

final public function detectEncoding( string $str ): string | null;
Detects the character encoding of a string to be handled by an encoder. Special handling applies to chr(172) and chr(128) to chr(159), which mb_detect_encoding() fails to detect.

public function escapeCss( string $css ): string;
Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

public function escapeHtml( string $text = null ): string;
Escapes an HTML string. Internally uses htmlspecialchars

public function escapeHtmlAttr( string $attribute = null ): string;
Escapes an HTML attribute string

public function escapeJs( string $js ): string;
Escape JavaScript strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

public function escapeUrl( string $url ): string;
Escapes a URL. Internally uses rawurlencode

public function getEncoding(): string;
Returns the internal encoding used by the escaper

public function getFlags(): int;
Returns the current flags for htmlspecialchars

public function html( string $input = null ): string;
Escapes an HTML string. Internally uses htmlspecialchars

public function js( string $input ): string;
Escape JavaScript strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

final public function normalizeEncoding( string $str ): string;
Utility to normalize a string's encoding to UTF-32.

public function setDoubleEncode( bool $doubleEncode ): void;
Sets the double_encode setting to be used by the escaper

$escaper->setDoubleEncode(false);

public function setEncoding( string $encoding ): void;
Sets the encoding to be used by the escaper

$escaper->setEncoding("utf-8");

public function setFlags( int $flags ): Escaper;
Sets the HTML quoting type for htmlspecialchars

$escaper->setFlags(ENT_XHTML);

public function setHtmlQuoteType( int $flags ): void;
Sets the HTML quoting type for htmlspecialchars

$escaper->setHtmlQuoteType(ENT_XHTML);

public function url( string $url ): string;
Escapes a URL. Internally uses rawurlencode
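
The following is an added example, not code from the Phalcon documentation. It applies each escaping method listed above to the output context it is meant for and shows the effect of setDoubleEncode(); it assumes the Phalcon extension is loaded, and every input string is constructed sample data standing in for untrusted input.

```php
<?php
// Added example: requires the Phalcon extension. All values below are
// constructed sample data, not taken from the original page.
$escaper = new \Phalcon\Escaper();
$escaper->setEncoding("utf-8");

$name    = 'Ann <b>O\'Neil</b> & co';         // HTML text node
$title   = 'x" onmouseover="alert(1)';        // quoted HTML attribute value
$search  = 'a&b=c d/é';                       // single URL query value
$color   = 'red; background: url(//x.invalid)'; // CSS property value
$message = '</script><script>alert(1)';       // JavaScript string literal

// One escaper call per output context; the template itself is trusted.
$page = sprintf(
    '<p title="%s">Hello, %s</p>' . "\n" .
    '<a href="/search?q=%s">search again</a>' . "\n" .
    '<span style="color: %s">status</span>' . "\n" .
    '<script>var msg = "%s";</script>' . "\n",
    $escaper->escapeHtmlAttr($title),  // attribute context
    $escaper->escapeHtml($name),       // element content
    $escaper->escapeUrl($search),      // rawurlencode of one component
    $escaper->escapeCss($color),       // hex-escaped CSS value
    $escaper->escapeJs($message)       // hex-escaped JS string body
);
echo $page;

// double_encode is passed through to htmlspecialchars by escapeHtml().
// true (default): an entity already present in the input is encoded again.
// false: existing entities are left as they are; other characters are
// still escaped.
$stored = 'Tom &amp; Jerry <i>';

$escaper->setDoubleEncode(true);
$encodedAgain = $escaper->escapeHtml($stored);

$escaper->setDoubleEncode(false);
$entitiesKept = $escaper->escapeHtml($stored);

echo $encodedAgain, "\n", $entitiesKept, "\n";
```

Because escapeUrl() uses rawurlencode, it is applied here to a single query value; passing a complete URL would also encode its `:` and `/` separators.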

Escaper\EscaperInterface Interface


  • Namespace

    • Phalcon\Escaper
  • Uses

  • Extends

  • Implements

Interface for Phalcon\Escaper

Methods

public function escapeCss( string $css ): string;
Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal representation

public function escapeHtml( string $text ): string;
Escapes an HTML string

public function escapeHtmlAttr( string $text ): string;
Escapes an HTML attribute string

public function escapeJs( string $js ): string;
Escape JavaScript strings by replacing non-alphanumeric chars by their hexadecimal representation

public function escapeUrl( string $url ): string;
Escapes a URL. Internally uses rawurlencode

public function getEncoding(): string;
Returns the internal encoding used by the escaper

public function setEncoding( string $encoding ): void;
Sets the encoding to be used by the escaper

public function setHtmlQuoteType( int $quoteType ): void;
Sets the HTML quoting type for htmlspecialchars

Html\Exception


  • Namespace

    • Phalcon\Html
  • Uses

  • Extends

    \Exception

  • Implements

Exceptions thrown in Phalcon\Escaper will use this class