redaxo-master/redaxo/src/core/functionsfunction_rex_escape.php

Functions

rex_escape()

rex_escape(mixed  $value, string  $strategy = 'html') : mixed

Escapes a variable to be used while rendering html.

This function is adapted from code coming from Twig. (c) Fabien Potencier https://github.com/twigphp/Twig/blob/69633fc19189699d20114f005efc8851c3fe9288/lib/Twig/Extension/Core.php#L900-L1127

Parameters

mixed $value

The value to escape

string $strategy

Supported strategies: "html": escapes a string for the HTML context. "html_simplified": escapes a string for the HTML context. Allows some basic tags which are safe regarding XSS. "html_attr": escapes a string for the HTML attrubute context. It is only necessary for dynamic attribute names and attribute values without quotes (data-foo=bar). For attribute values within quotes you can use default strategy "html". "js": escapes a string for the JavaScript/JSON context. "css": escapes a string for the CSS context. CSS escaping can be applied to any string being inserted into CSS and escapes everything except alphanumerics. "url": escapes a string for the URI or parameter contexts. This should not be used to escape an entire URI; only a subcomponent being inserted.

Throws

\InvalidArgumentException

Returns

mixed —