function_rex_escape.php
Table of Contents
Functions
- rex_escape() : mixed
- Escapes a variable to be used while rendering html.
Functions
rex_escape()
Escapes a variable to be used while rendering html.
rex_escape(T $value[, string $strategy = 'html' ]) : mixed
This function is adapted from code coming from Twig. (c) Fabien Potencier https://github.com/twigphp/Twig/blob/5f20d4a362078e8a066f7dcc146e8005186d9663/src/Extension/EscaperExtension.php#L166
Parameters
- $value : T
-
The value to escape
- $strategy : string = 'html'
-
Supported strategies: "html": escapes a string for the HTML context. "html_simplified": escapes a string for the HTML context. Allows some basic tags which are safe regarding XSS. "html_attr": escapes a string for the HTML attrubute context. It is only necessary for dynamic attribute names and attribute values without quotes (
data-foo=bar
). For attribute values within quotes you can use default strategy "html". "js": escapes a string for the JavaScript/JSON context. "css": escapes a string for the CSS context. CSS escaping can be applied to any string being inserted into CSS and escapes everything except alphanumerics. "url": escapes a string for the URI or parameter contexts. This should not be used to escape an entire URI; only a subcomponent being inserted.