What do $this->escape() in zend framework actually do?

About

Asked 18/12, 2009 at 0:0 Answered 16/9, 2011 at 8:41

I need help in understanding the actual actions of a helper function in Zend Framework.

I need someone to explain to me what $this->escape($string) actually does to the string passed to it before printing the string into the template.

Cavein answered 18/12, 2009 at 0:0 Comment(0)

$this->escape() escapes a string according to settings you can provide with $this->setEscape('functionname'), by default it is PHP's htmlspecialchars function.

http://framework.zend.com/manual/en/zend.view.scripts.html

Dupaix answered 18/12, 2009 at 0:6 Comment(0)

It calls the htmlspecialchars PHP function.

The translations performed are:

'&' (ampersand) becomes '&'

'"' (double quote) becomes '"'

'<' (less than) becomes '<'

'>' (greater than) becomes '>'

Hanhhank answered 18/12, 2009 at 0:2 Comment(0)

Over at the PiKe project we build a custom stream wrapper that automatically escapes all view variables to be safe by default against XSS, with a MINIMAL performance hit! You can still get the RAW value with:

<?=~ $variable ?>

Notice the "~" character. Checkout http://code.google.com/p/php-pike/wiki/Pike_View_Stream

Neuman answered 16/9, 2011 at 8:41 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags