Class Phalcon\Escaper
Namespace: Phalcon
Uses: Phalcon\Di\DiInterface, Phalcon\Escaper\EscaperInterface, Phalcon\Escaper\Exception
Implements: EscaperInterface
Phalcon\Escaper
Escapes different kinds of text so that they can be output safely. Using this component helps you prevent XSS attacks.
This component only works with UTF-8. The PREG extension needs to be compiled with UTF-8 support.
$escaper = new \Phalcon\Escaper();
$escaped = $escaper->escapeCss("font-family: <Verdana>");
echo $escaped; // font\2D family\3A \20 \3C Verdana\3E
Properties
/**
* @var bool
*/
protected doubleEncode = true;
/**
* @var string
*/
protected encoding = "utf-8";
/**
* Flags passed to htmlspecialchars (3 is the value of ENT_QUOTES)
*
* @var int
*/
protected flags = 3;
Methods
public function attributes( string $attribute = null ): string;
Escapes an HTML attribute string
public function css( string $input ): string;
Escapes CSS strings by replacing non-alphanumeric characters with their hexadecimal escaped representation
final public function detectEncoding( string $str ): string | null;
Detects the character encoding of a string to be handled by an encoder. Includes special handling for chr(172) and chr(128) to chr(159), which mb_detect_encoding() fails to detect.
public function escapeCss( string $css ): string;
Escapes CSS strings by replacing non-alphanumeric characters with their hexadecimal escaped representation
public function escapeHtml( string $text = null ): string;
Escapes an HTML string. Internally uses htmlspecialchars
public function escapeHtmlAttr( string $attribute = null ): string;
Escapes an HTML attribute string
public function escapeJs( string $js ): string;
Escapes JavaScript strings by replacing non-alphanumeric characters with their hexadecimal escaped representation
public function escapeUrl( string $url ): string;
Escapes a URL. Internally uses rawurlencode
public function getEncoding(): string;
Returns the internal encoding used by the escaper
public function getFlags(): int;
Returns the current flags for htmlspecialchars
public function html( string $input = null ): string;
Escapes an HTML string. Internally uses htmlspecialchars
public function js( string $input ): string;
Escapes JavaScript strings by replacing non-alphanumeric characters with their hexadecimal escaped representation
final public function normalizeEncoding( string $str ): string;
Utility to normalize a string’s encoding to UTF-32.
public function setDoubleEncode( bool $doubleEncode ): void;
Sets the double_encode option to be used by the escaper
$escaper->setDoubleEncode(false);
public function setEncoding( string $encoding ): void;
Sets the encoding to be used by the escaper
$escaper->setEncoding("utf-8");
public function setFlags( int $flags ): Escaper;
Sets the HTML quoting type for htmlspecialchars
$escaper->setFlags(ENT_XHTML);
public function setHtmlQuoteType( int $flags ): void;
Sets the HTML quoting type for htmlspecialchars
$escaper->setHtmlQuoteType(ENT_XHTML);
public function url( string $url ): string;
Escapes a URL. Internally uses rawurlencode
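The methods above each target one output context. The following is an added example, not part of the Phalcon documentation, that applies each method in the context it is meant for and shows the effect of setDoubleEncode. It assumes the Phalcon extension is loaded; the renderProfile helper and all input values are hypothetical and constructed for illustration.

```php
<?php
// Added example; requires the Phalcon extension. All input values are constructed.
use Phalcon\Escaper;

// Hypothetical helper: escapes each untrusted value for the context it lands in.
function renderProfile(Escaper $escaper, array $user): string
{
    // HTML text node (htmlspecialchars-based).
    $name = $escaper->escapeHtml($user['name']);
    // Attribute value: the attribute in the template must stay quoted.
    $title = $escaper->escapeHtmlAttr($user['title']);
    // A single query-string value (rawurlencode-based), not a whole URL.
    $query = $escaper->escapeUrl($user['search']);
    // Inside a quoted JavaScript string literal.
    $nick = $escaper->escapeJs($user['nick']);
    // Inside a CSS property value.
    $font = $escaper->escapeCss($user['font']);

    return <<<HTML
<p title="{$title}">Hello, {$name}</p>
<a href="/search?q={$query}">Search</a>
<span style="font-family: {$font}">sample</span>
<script>var nick = '{$nick}';</script>
HTML;
}

$escaper = new Escaper();

// Constructed inputs containing characters that are significant in each context.
$user = [
    'name'   => '<b>Ann</b> & co',
    'title'  => 'x" onmouseover="alert(1)',
    'search' => 'a&b=c d',
    'nick'   => "o'brien</script>",
    'font'   => 'Verdana; background: red',
];
echo renderProfile($escaper, $user), PHP_EOL;

// doubleEncode is true by default, so entities already present in the input
// are encoded again; with false, htmlspecialchars leaves existing entities as-is.
$alreadyEncoded = 'Tom &amp; Jerry';
echo $escaper->escapeHtml($alreadyEncoded), PHP_EOL;
$escaper->setDoubleEncode(false);
echo $escaper->escapeHtml($alreadyEncoded), PHP_EOL;
```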
Interface Phalcon\Escaper\EscaperInterface
Namespace: Phalcon\Escaper
Interface for Phalcon\Escaper
Methods
public function escapeCss( string $css ): string;
Escapes CSS strings by replacing non-alphanumeric characters with their hexadecimal representation
public function escapeHtml( string $text ): string;
Escapes an HTML string
public function escapeHtmlAttr( string $text ): string;
Escapes an HTML attribute string
public function escapeJs( string $js ): string;
Escapes JavaScript strings by replacing non-alphanumeric characters with their hexadecimal representation
public function escapeUrl( string $url ): string;
Escapes a URL. Internally uses rawurlencode
public function getEncoding(): string;
Returns the internal encoding used by the escaper
public function setEncoding( string $encoding ): void;
Sets the encoding to be used by the escaper
public function setHtmlQuoteType( int $quoteType ): void;
Sets the HTML quoting type for htmlspecialchars
Class Phalcon\Escaper\Exception
Namespace: Phalcon\Escaper
Extends: \Phalcon\Exception
Exceptions thrown in Phalcon\Escaper will use this class.