Class Phalcon\Escaper\Escaper

Namespace Phalcon\Escaper   Uses Phalcon\Escaper\EscaperInterface, Phalcon\Escaper\Exception   Implements EscaperInterface

Phalcon\Escaper

Escapes different kinds of text so that they are safe to output. Using this component helps prevent XSS attacks.

This component only works with UTF-8. The PREG extension needs to be compiled with UTF-8 support.

$escaper = new \Phalcon\Escaper();

$escaped = $escaper->escapeCss("font-family: <Verdana>");

echo $escaped; // font\2D family\3A \20 \3C Verdana\3E

Properties

/**
 * @var bool
 */
protected doubleEncode = true;

/**
 * @var string
 */
protected encoding = "utf-8";

//
protected htmlEscapeMap;

//
protected htmlQuoteType = 3;

Methods

final public function detectEncoding( string $str ): string | null;

Detects the character encoding of a string to be handled by an encoder. Includes special handling for chr(172) and chr(128) to chr(159), which mb_detect_encoding() fails to detect.

public function escapeCss( string $css ): string;

Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

public function escapeHtml( string $text ): string;

Escapes an HTML string. Internally uses htmlspecialchars

public function escapeHtmlAttr( string $attribute ): string;

Escapes an HTML attribute string

public function escapeJs( string $js ): string;

Escape JavaScript strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

public function escapeUrl( string $url ): string;

Escapes a URL. Internally uses rawurlencode

public function getEncoding(): string;

Returns the internal encoding used by the escaper

final public function normalizeEncoding( string $str ): string;

Utility to normalize a string’s encoding to UTF-32.

public function setDoubleEncode( bool $doubleEncode ): void;

Sets the double_encode flag to be used by the escaper

$escaper->setDoubleEncode(false);

public function setEncoding( string $encoding ): void;

Sets the encoding to be used by the escaper

$escaper->setEncoding("utf-8");

public function setHtmlQuoteType( int $quoteType ): void;

Sets the HTML quoting type for htmlspecialchars

$escaper->setHtmlQuoteType(ENT_XHTML);
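
Added example (not taken from the Phalcon documentation): each escaping method applied to the output context it is meant for, followed by the effect of setDoubleEncode(). It assumes the Phalcon extension is loaded and instantiates the class the same way the snippet at the top of this page does; the input values and the markup are constructed for illustration.

```php
<?php
// Added example: requires the Phalcon extension. The class name follows the
// page's own snippet; all sample values below are constructed.
$escaper = new \Phalcon\Escaper();
$escaper->setEncoding("utf-8");

// Constructed untrusted input, as it might arrive from a request.
$name    = 'Ana "<script>alert(1)</script>"';
$query   = 'shoes & "boots"';
$font    = 'Verdana; } body { display: none';
$comment = "</script><b>hi</b>\n";

// Each value is escaped for the syntax of the context it is written into.
$html = $escaper->escapeHtml($name);      // HTML element content
$attr = $escaper->escapeHtmlAttr($name);  // quoted HTML attribute value
$url  = $escaper->escapeUrl($query);      // a single URL component
$css  = $escaper->escapeCss($font);       // a CSS value
$js   = $escaper->escapeJs($comment);     // inside a JavaScript string literal
?>
<style>.greeting { font-family: <?= $css ?>; }</style>
<p class="greeting" title="<?= $attr ?>">Hello, <?= $html ?></p>
<a href="/search?q=<?= $url ?>">Search again</a>
<script>var lastComment = '<?= $js ?>';</script>
<?php
// double_encode: with true (the default shown under Properties), text that
// already contains an entity such as "&amp;" has its "&" encoded again.
// With false, existing entities are left as they are.
$stored = 'Fish &amp; Chips <b>';
$escaper->setDoubleEncode(true);
$twice = $escaper->escapeHtml($stored);
$escaper->setDoubleEncode(false);
$once = $escaper->escapeHtml($stored);
printf("double_encode=true:  %s\ndouble_encode=false: %s\n", $twice, $once);
```

The methods are not interchangeable: a value escaped with escapeHtml() is not safe inside a script block or a style rule, so pick the method by where the value lands in the page.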

Interface Phalcon\Escaper\EscaperInterface

Namespace Phalcon\Escaper

Interface for Phalcon\Escaper

Methods

public function escapeCss( string $css ): string;

Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal representation

public function escapeHtml( string $text ): string;

Escapes an HTML string

public function escapeHtmlAttr( string $text ): string;

Escapes an HTML attribute string

public function escapeJs( string $js ): string;

Escape JavaScript strings by replacing non-alphanumeric chars by their hexadecimal representation

public function escapeUrl( string $url ): string;

Escapes a URL. Internally uses rawurlencode

public function getEncoding(): string;

Returns the internal encoding used by the escaper

public function setEncoding( string $encoding ): void;

Sets the encoding to be used by the escaper

public function setHtmlQuoteType( int $quoteType ): void;

Sets the HTML quoting type for htmlspecialchars

Class Phalcon\Escaper\Exception

Namespace Phalcon\Escaper   Extends \Phalcon\Exception

Exceptions thrown in Phalcon\Escaper will use this class