Table Of Contents

Previous topic

Class Phalcon\Dispatcher

Next topic

Class Phalcon\Escaper\Exception

This Page

Class Phalcon\Escaper

implements Phalcon\EscaperInterface

Escapes different kinds of text securing them. By using this component you may prevent XSS attacks. This component only works with UTF-8. The PREG extension needs to be compiled with UTF-8 support.

<?php

 $escaper = new Phalcon\Escaper();
 $escaped = $escaper->escapeCss("font-family: <Verdana>");
 echo $escaped; // font\2D family\3A \20 \3C Verdana\3E

Methods

public setEnconding (string $encoding)

Sets the encoding to be used by the escaper

public string getEncoding ()

Returns the internal encoding used by the escaper

public setHtmlQuoteType (int $quoteType)

Sets the HTML quoting type for htmlspecialchars

public string escapeHtml (string $text)

Escapes a HTML string. Internally uses htmlspeciarchars

public string escapeHtmlAttr (string $text)

Escapes a HTML attribute string

public string cssSanitize (array $matches)

Sanitizes CSS strings converting non-alphanumeric chars to their hexadecimal representation

public escapeCss (string $css)

Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal representation

public string escapeUrl (string $url)

Escapes a URL. Internally uses rawurlencode