Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter Best Practices filter input - escape output
filter input - escape output
  • Offline ivantcholakov
    Senior Member
  • ****
  • Posts: 668
    Threads: 17
    Joined: Oct 2014
    Reputation: 37
#5
05-22-2016, 07:29 AM

In addition to the existing function html_escape() I've got functions for escaping in other contexts:

Code:
// Escapers

// html_escape() already has been implemented.

if (!function_exists('html_attr_escape')) {

    function html_attr_escape($string) {

        $twig = & _get_simple_twig_instance();

        return call_user_func($twig->getFilter('escape')->getCallable(), $twig, $string, 'html_attr');
    }

}

if (!function_exists('js_escape')) {

    function js_escape($string) {

        $twig = & _get_simple_twig_instance();

        return call_user_func($twig->getFilter('escape')->getCallable(), $twig, $string, 'js');
    }

}

if (!function_exists('css_escape')) {

    function css_escape($string) {

        $twig = & _get_simple_twig_instance();

        return call_user_func($twig->getFilter('escape')->getCallable(), $twig, $string, 'css');
    }

}

if (!function_exists('url_escape')) {

    function url_escape($string) {

        $twig = & _get_simple_twig_instance();

        return call_user_func($twig->getFilter('escape')->getCallable(), $twig, $string, 'url');
    }

}

if (!function_exists('_get_simple_twig_instance')) {

    function & _get_simple_twig_instance() {

        static $instance = null;

        if (!isset($instance)) {

            $instance = new Twig_Environment(
                new Parser_Twig_Loader_String,
                array(
                    'debug' => false,
                    'charset' => config_item('charset'),
                    'base_template_class' => 'Twig_Template',
                    'strict_variables' => false,
                    'autoescape' => 'html',
                    'cache' => false,
                    'auto_reload' => null,
                    'optimizations' => -1,
                )
            );
        }

        return $instance;
    }

}

// End Escapers

I use the internal escapers of Twig because I already have it. But it is not necessary you to install Twig in your system, you can easily rewrite the bodies of these helper functions by using the small component Zend\Escaper https://github.com/zendframework/zend-escaper It has the same routines inside, install it with Composer.
Reply


Messages In This Thread
filter input - escape output - by edoramedia - 05-22-2016, 01:05 AM
RE: filter input - escape output - by kenjis - 05-22-2016, 02:01 AM
RE: filter input - escape output - by edoramedia - 05-22-2016, 02:11 AM
RE: filter input - escape output - by kenjis - 05-22-2016, 02:36 AM
RE: filter input - escape output - by ivantcholakov - 05-22-2016, 07:29 AM
RE: filter input - escape output - by cartalot - 05-22-2016, 12:21 PM



Theme © iAndrew 2016 - Forum software by © MyBB