PHP Classes

Safer Blitz: Blitz template engine extension to escape values

Version: safer-blitz 1.0.0
License: MIT/X Consortium
PHP version: ...7
Categories: HTML, Templates, PHP 7
Description 

This package is a Blitz template engine extension to escape values.

It provides extension classes that can escape template values for display in HTML pages.

Regular template values are encoded, but values that are not meant to be escaped can be passed verbatim to the template output, without encoding, by using the raw command.

Name: Victor Bolshov
Classes: 10 packages by
Country: Russian Federation
Age: 45

Documentation

safer-blitz

A small extension to the Blitz template engine that adds template inheritance and auto-escaping.

Template inheritance

article.tpl:

<article>text</article>

layout.tpl:

<header/>
{{ raw(content) }}
<footer/>

PHP code:

$view = new \SaferBlitz\View("article.tpl");
$view->extend("layout.tpl");
echo $view->parse();

The output (the layout inserts the rendered article through raw(), so its markup is not escaped):

<header/>
<article>text</article>
<footer/>

Auto-escaping

Initialize view:

$view = new \SaferBlitz\View;

In template:

{{ $some_variable }}

In controller:

$view->set(["some_variable" => "some nasty XSS attempt: \"><script>alert(\"XSS\");</script>"]);
$view->display();

Result:

some nasty XSS attempt: &quot;&gt;&lt;script&gt;alert(&quot;XSS&quot;);&lt;/script&gt;

To output a variable unescaped, use the raw($var) template API:

{{ raw($trusted_variable) }}

If anyone appears to be interested in this project, I will probably add proper escape methods to escape attributes, CSS, JS. For now, this is out of my personal scope of use though.
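
The escape-by-default behaviour and the raw(content) layout step described above, modelled in plain PHP as an added example. It is not safer-blitz source and does not use the Blitz extension; render() and escape_html() are hypothetical names, and the input string is the one from the auto-escaping section.

```php
<?php
// Added illustration in plain PHP (no Blitz extension needed); not safer-blitz source.
// render() and escape_html() are hypothetical names.

/** Escaping for HTML element content and quoted attribute values only. */
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Fill {{ $name }} and {{ raw(name) }} placeholders.
 * Escaping is the default; only an explicit raw() in the template skips it.
 */
function render(string $template, array $vars): string
{
    $pattern = '/\{\{\s*(?:raw\(\s*\$?(\w+)\s*\)|\$?(\w+))\s*\}\}/';
    return (string) preg_replace_callback(
        $pattern,
        static function (array $m) use ($vars): string {
            $isRaw = $m[1] !== '';
            $value = (string) ($vars[$isRaw ? $m[1] : $m[2]] ?? '');
            return $isRaw ? $value : escape_html($value);
        },
        $template
    );
}

// Constructed input: the untrusted string from the auto-escaping section.
$untrusted = 'some nasty XSS attempt: "><script>alert("XSS");</script>';

// 1. Untrusted data is escaped where it enters the inner template.
$article = render('<article>{{ $text }}</article>', ['text' => $untrusted]);

// 2. The layout emits the rendered article with raw(): it is markup the
//    application produced, and the data inside it is already escaped.
$good = render("<header/>\n{{ raw(content) }}\n<footer/>", ['content' => $article]);

// 3. Without raw() the layout escapes the article a second time: the page
//    shows literal tags and "&amp;quot;" instead of rendering the article.
$doubled = render("<header/>\n{{ content }}\n<footer/>", ['content' => $article]);

echo $good, "\n\n", $doubled, "\n";
```

Only values that were escaped earlier or built entirely by the application belong in raw(); passing request data straight to it removes the protection.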


Files (9)

composer.json (Data: Auxiliary data)
composer.lock (Data: Auxiliary data)
phpunit.xml (Data: Auxiliary data)
README.md (Doc.: Documentation)
src/SaferBlitz/StringContainer.php (Class: Class source)
src/SaferBlitz/View.php (Class: Class source)
test/bootstrap.php (Aux.: Auxiliary script)
test/ViewTest.php (Class: Class source)
test/resources/inc.tpl (Data: Auxiliary data)
