Sections

Class Phalcon\Escaper

implements Phalcon\EscaperInterface

Исходный код на GitHub

Escapes different kinds of text securing them. By using this component you may prevent XSS attacks.

This component only works with UTF-8. The PREG extension needs to be compiled with UTF-8 support.

<?php

$escaper = new \Phalcon\Escaper();

$escaped = $escaper->escapeCss("font-family: <Verdana>");

echo $escaped; // font\2D family\3A \20 \3C Verdana\3E

Methods

public setEncoding (mixed $encoding)

Sets the encoding to be used by the escaper

<?php

$escaper->setEncoding("utf-8");

public getEncoding ()

Returns the internal encoding used by the escaper

public setHtmlQuoteType (mixed $quoteType)

Sets the HTML quoting type for htmlspecialchars

<?php

$escaper->setHtmlQuoteType(ENT_XHTML);

public setDoubleEncode (mixed $doubleEncode)

Sets the double_encode to be used by the escaper

<?php

$escaper->setDoubleEncode(false);

final public detectEncoding (mixed $str)

Detect the character encoding of a string to be handled by an encoder Special-handling for chr(172) and chr(128) to chr(159) which fail to be detected by mb_detect_encoding()

final public normalizeEncoding (mixed $str)

Utility to normalize a string’s encoding to UTF-32.

public escapeHtml (mixed $text)

Escapes a HTML string. Internally uses htmlspecialchars

public escapeHtmlAttr (mixed $attribute)

Escapes a HTML attribute string

public escapeCss (mixed $css)

Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

public escapeJs (mixed $js)

Escape javascript strings by replacing non-alphanumeric chars by their hexadecimal escaped representation

public escapeUrl (mixed $url)

Escapes a URL. Internally uses rawurlencode