<?php
namespace Phalcon {
/**
* Phalcon\Escaper
*
* Escapes text for output in different contexts (HTML body, HTML attribute,
* CSS, JavaScript, URL). Escaping is context-specific: pick the method that
* matches where the value will be written. Used that way, this component helps
* prevent XSS attacks.
*
* This component only works with UTF-8. The PCRE (preg_*) extension needs to be
* compiled with UTF-8 support.
*
* Method bodies in this listing are empty, so the descriptions below document
* the declared API rather than behaviour that can be read from this file.
*
*<code>
* $escaper = new Phalcon\Escaper();
* $escaped = $escaper->escapeCss("font-family: <Verdana>");
* echo $escaped; // font\2D family\3A \20 \3C Verdana\3E
*</code>
*/
class Escaper implements \Phalcon\EscaperInterface {
/**
* Encoding used by the escaper (presumably the value given to setEncoding() and
* returned by getEncoding() — confirm against the implementation).
*/
protected $_encoding;
/**
* NOTE(review): purpose not visible in this stub; the name suggests a character
* map used for HTML escaping — confirm.
*/
protected $_htmlEscapeMap;
/**
* HTML quoting type (presumably the value given to setHtmlQuoteType() — confirm).
*/
protected $_htmlQuoteType;
/**
* Sets the encoding to be used by the escaper
*
*<code>
* $escaper->setEncoding('utf-8');
*</code>
*
* @param string $encoding
*/
public function setEncoding($encoding){ }
/**
* Returns the internal encoding used by the escaper
*
* @return string
*/
public function getEncoding(){ }
/**
* Sets the HTML quoting type for htmlspecialchars
*
*<code>
* $escaper->setHtmlQuoteType(ENT_XHTML);
*</code>
*
* NOTE(review): ENT_XHTML is a document-type flag, not a quote-style flag. If
* this value is handed to htmlspecialchars() unchanged as its flags argument
* (not visible in this stub — confirm), ENT_XHTML on its own leaves both quote
* characters unescaped; combine it with a quote flag, e.g.
* ENT_QUOTES | ENT_XHTML.
*
* @param int $quoteType
*/
public function setHtmlQuoteType($quoteType){ }
/**
* Detect the character encoding of a string to be handled by an encoder
* Special-handling for chr(172) and chr(128) to chr(159) which fail to be detected by mb_detect_encoding()
*
* @param string $str
* @return string
*/
public function detectEncoding($str){ }
/**
* Utility to normalize a string's encoding to UTF-32.
*
* @param string $str
* @return string
*/
public function normalizeEncoding($str){ }
/**
* Escapes a HTML string. Internally uses htmlspecialchars
*
* Intended for text written into an HTML element body. Which quote characters
* are encoded depends on the htmlspecialchars() flags in effect (presumably the
* value set with setHtmlQuoteType() — confirm); use escapeHtmlAttr() for values
* written inside an attribute.
*
* @param string $text
* @return string
*/
public function escapeHtml($text){ }
/**
* Escapes a HTML attribute string
*
* Escaping does not validate the value: URL-bearing attributes such as href or
* src still need their scheme checked separately.
*
* @param string $attribute
* @return string
*/
public function escapeHtmlAttr($attribute){ }
/**
* Escape CSS strings by replacing non-alphanumeric chars by their hexadecimal escaped representation
*
* Intended for untrusted data inserted as a CSS value; see the class-level
* example for the output format.
*
* @param string $css
* @return string
*/
public function escapeCss($css){ }
/**
* Escape javascript strings by replacing non-alphanumeric chars by their hexadecimal escaped representation
*
* Intended for data placed inside a quoted JavaScript string literal; it does
* not make a value safe to use as code (an identifier or expression).
*
* @param string $js
* @return string
*/
public function escapeJs($js){ }
/**
* Escapes a URL. Internally uses rawurlencode
*
* rawurlencode() percent-encodes reserved characters such as ':' and '/', so
* this suits a single URL component (path segment, query value) rather than a
* complete URL.
*
* @param string $url
* @return string
*/
public function escapeUrl($url){ }
}
}