Documentation

function_rex_escape.php

Table of Contents

Functions

rex_escape()  : mixed
Escapes a variable to be used while rendering html.

Functions

rex_escape()

Escapes a variable to be used while rendering html.

rex_escape(T $value[, string $strategy = 'html' ]) : mixed

This function is adapted from code coming from Twig. (c) Fabien Potencier https://github.com/twigphp/Twig/blob/5f20d4a362078e8a066f7dcc146e8005186d9663/src/Extension/EscaperExtension.php#L166

Parameters
$value : T

The value to escape

$strategy : string = 'html'

Supported strategies: "html": escapes a string for the HTML context. "html_simplified": escapes a string for the HTML context. Allows some basic tags which are safe regarding XSS. "html_attr": escapes a string for the HTML attrubute context. It is only necessary for dynamic attribute names and attribute values without quotes (data-foo=bar). For attribute values within quotes you can use default strategy "html". "js": escapes a string for the JavaScript/JSON context. "css": escapes a string for the CSS context. CSS escaping can be applied to any string being inserted into CSS and escapes everything except alphanumerics. "url": escapes a string for the URI or parameter contexts. This should not be used to escape an entire URI; only a subcomponent being inserted.

Tags
template

T

psalm-param

'html'|'html_simplified'|'html_attr'|'js'|'css'|'url' $strategy

throws
InvalidArgumentException
psalm-return

(T is Stringable ? string : T)

psalm-taint-escape

has_quotes

psalm-taint-escape

html

psalm-pure

        
On this page

Search results