Magento escape methods
@api
- Since
- 100.0.2
Definition at line 15 of file Escaper.php.
◆ encodeUrlParam()
encodeUrlParam($string)
Encode a string for use as a URL parameter value. Delegates to the underlying escaper's escapeUrl().
- Parameters
-
- Returns
- string
- Since
- 101.0.0
Definition at line 228 of file Escaper.php.
230 return $this->getEscaper()->escapeUrl($string);
◆ escapeCss()
Escape string for the CSS context
- Parameters
-
- Returns
- string
- Since
- 101.0.0
Definition at line 267 of file Escaper.php.
269 return $this->getEscaper()->escapeCss($string);
◆ escapeHtml()
escapeHtml($data, $allowedTags = null)
Escape string for HTML context.
Tags listed in $allowedTags are left unescaped, except the following, which are not permitted even when listed: script, img, embed, iframe, video, source, object, audio
- Parameters
-
string|array $data
array|null $allowedTags
- Returns
- string|array
Definition at line 60 of file Escaper.php.
62 if (!is_array(
$data)) {
66 if (is_array(
$data)) {
72 if (is_array($allowedTags) && !empty($allowedTags)) {
73 $allowedTags = $this->filterProhibitedTags($allowedTags);
74 $wrapperElementId = uniqid();
75 $domDocument = new \DOMDocument(
'1.0',
'UTF-8');
77 function ($errorNumber, $errorString) {
78 throw new \Exception($errorString, $errorNumber);
81 $string = mb_convert_encoding(
$data,
'HTML-ENTITIES',
'UTF-8');
83 $domDocument->loadHTML(
84 '<html><body id="' . $wrapperElementId .
'">' . $string .
'</body></html>' 86 }
catch (\Exception $e) {
87 restore_error_handler();
88 $this->getLogger()->critical($e);
90 restore_error_handler();
92 $this->removeNotAllowedTags($domDocument, $allowedTags);
93 $this->removeNotAllowedAttributes($domDocument);
94 $this->escapeText($domDocument);
95 $this->escapeAttributeValues($domDocument);
97 $result = mb_convert_encoding($domDocument->saveHTML(),
'UTF-8',
'HTML-ENTITIES');
98 preg_match(
'/<body id="' . $wrapperElementId .
'">(.+)<\/body><\/html>$/si',
$result, $matches);
99 return !empty($matches) ? $matches[1] :
'';
101 $result = htmlspecialchars(
$data, ENT_QUOTES | ENT_SUBSTITUTE,
'UTF-8',
false);
escapeHtml($data, $allowedTags=null)
◆ escapeHtmlAttr()
escapeHtmlAttr($string, $escapeSingleQuote = true)
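Escape a string for the HTML attribute context. When $escapeSingleQuote is false, the value is escaped with htmlspecialchars() using ENT_COMPAT, which leaves single quotes unencoded, so the result is only safe inside a double-quoted attribute.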
- Parameters
-
string $string
boolean $escapeSingleQuote
- Returns
- string
- Since
- 101.0.0
Definition at line 202 of file Escaper.php.
204 if ($escapeSingleQuote) {
205 return $this->getEscaper()->escapeHtmlAttr((
string) $string);
207 return htmlspecialchars((
string)$string, ENT_COMPAT,
'UTF-8',
false);
◆ escapeJs()
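Escape string for the JavaScript context. Characters other than a-z, A-Z, 0-9, comma, dot and underscore are replaced with \u-prefixed hexadecimal escape sequences.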
- Parameters
-
- Returns
- string
- Since
- 101.0.0
Definition at line 240 of file Escaper.php.
242 if ($string ===
'' || ctype_digit($string)) {
246 return preg_replace_callback(
247 '/[^a-z0-9,\._]/iSu',
248 function ($matches) {
250 if (strlen($chr) != 1) {
251 $chr = mb_convert_encoding($chr,
'UTF-16BE',
'UTF-8');
252 $chr = ($chr ===
false) ?
'' : $chr;
254 return sprintf(
'\\u%04s', strtoupper(bin2hex($chr)));
◆ escapeJsQuote()
escapeJsQuote($data, $quote = '\'')
Escape quotes in JavaScript
- Parameters
-
string|array $data
string $quote
- Returns
- string|array
- Deprecated:
- 101.0.0
Definition at line 280 of file Escaper.php.
282 if (is_array(
$data)) {
escapeJsQuote($data, $quote='\'')
◆ escapeQuote()
escapeQuote($data, $addSlashes = false)
Escape quotes inside HTML attributes.
Use $addSlashes = false when escaping JavaScript that is inside an HTML attribute (onClick, onSubmit, etc.).
- Parameters
-
string $data
bool $addSlashes
- Returns
- string
- Deprecated:
- 101.0.0
Definition at line 336 of file Escaper.php.
338 if ($addSlashes ===
true) {
341 return htmlspecialchars(
$data, ENT_QUOTES,
null,
false);
◆ escapeUrl()
Escape URL
- Parameters
-
- Returns
- string
Definition at line 216 of file Escaper.php.
escapeHtml($data, $allowedTags=null)
◆ escapeXssInUrl()
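Escape XSS in URLs. The result is passed through htmlspecialchars() with ENT_COMPAT, which leaves single quotes unencoded, so it should only be placed inside a double-quoted attribute.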
- Parameters
-
- Returns
- string
- Deprecated:
- 101.0.0
Definition at line 300 of file Escaper.php.
302 return htmlspecialchars(
303 $this->escapeScriptIdentifiers((
string)
$data),
304 ENT_COMPAT | ENT_HTML5 | ENT_HTML401,
The documentation for this class was generated from the following file: