Version | License | PHP version | Categories
---|---|---|---
safer-blitz 1.0.0 | MIT/X Consortium ... | 7 | HTML, Templates, PHP 7

This package is a Blitz template engine extension to escape values.
A small extension to Blitz template engine, adding template inheritance and auto-escaping.
article.tpl:
```html
<article>text</article>
```
layout.tpl:
```html
<header/>
{{ raw(content) }}
<footer/>
```
PHP code:
```php
use SaferBlitz\View;

$view = new View("article.tpl");
$view->extend("layout.tpl"); // render article.tpl inside layout.tpl
echo $view->parse();
```
The output:
```html
<header/>
<article>text</article>
<footer/>
```
Initialize view:
```php
$view = new \SaferBlitz\View;
```
In template:
```
{{ $some_variable }}
```
In controller:
```php
$view->set(["some_variable" => "some nasty XSS attempt: \"><script>alert(\"XSS\");</script>"]);
$view->display();
```
Result:
```
some nasty XSS attempt: &quot;&gt;&lt;script&gt;alert(&quot;XSS&quot;);&lt;/script&gt;
```
To output a variable unescaped, use the _raw($var)_ template API. The value is written as-is, so pass it only content you trust:
```
{{ raw($trusted_variable) }}
```
If anyone appears to be interested in this project, I will probably add proper escape methods to escape attributes, CSS, JS. For now, this is out of my personal scope of use though.
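The auto-escape and raw() opt-out shown above, plus the kind of JS-context encoder the note mentions as missing, as an added example in plain PHP that does not need the Blitz extension. This is not SaferBlitz's code: `TrustedString`, `escapeHtml`, `escapeJs` and `autoEscape` are hypothetical names, and using `htmlspecialchars`/`json_encode` is an assumption about how such escaping can be done.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP; not SaferBlitz code. All names are hypothetical.

/** Marks a value the caller has vetted, the role raw() plays in a template. */
final class TrustedString
{
    private $value;
    public function __construct(string $value) { $this->value = $value; }
    public function __toString(): string { return $this->value; }
}

/** HTML element content and quoted attribute values. */
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Inline script context: a JS string literal that cannot close the tag (PHP 7.3+). */
function escapeJs(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($s, $flags | JSON_THROW_ON_ERROR);
}

/** Escape every string leaf of the view data; TrustedString passes through. */
function autoEscape($data)
{
    if ($data instanceof TrustedString) {
        return (string) $data;
    }
    if (is_array($data)) {
        return array_map('autoEscape', $data);
    }
    return is_string($data) ? escapeHtml($data) : $data;
}

// The string from the controller example above.
$payload = 'some nasty XSS attempt: "><script>alert("XSS");</script>';
$vars = autoEscape([
    'some_variable'    => $payload,
    'trusted_variable' => new TrustedString('<em>vetted markup</em>'), // constructed sample
]);

echo $vars['some_variable'], "\n";     // entity-encoded, inert in an HTML body
echo $vars['trusted_variable'], "\n";  // emitted as-is
echo '<script>var msg = ', escapeJs($payload), ';</script>', "\n"; // JS context needs its own encoder
```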
Files (9) |
File | Role | Description | ||
---|---|---|---|---|
src (1 directory) | ||||
test (2 files, 1 directory) | ||||
composer.json | Data | Auxiliary data | ||
composer.lock | Data | Auxiliary data | ||
phpunit.xml | Data | Auxiliary data | ||
README.md | Doc. | Documentation |
Files (9) | / | src | / | SaferBlitz |
File | Role | Description |
---|---|---|
StringContainer.php | Class | Class source |
View.php | Class | Class source |
Files (9) | / | test |
File | Role | Description | ||
---|---|---|---|---|
resources (1 file) | ||||
bootstrap.php | Aux. | Auxiliary script | ||
ViewTest.php | Class | Class source |