Perforce Chronicle 2012.2/486814
API Documentation
View helper for escaping untrusted data before inserting it into common HTML attributes.
Public Member Functions
    __construct ()
        Extend constructor to initialize list of illegal characters.
    escapeAttr ($value)
        Returns escaped value that can be safely inserted into a common HTML attribute.
Protected Member Functions
    _format ($ordinalValue)
        Convert character represented by its ordinal value into &#xHH; format.
Protected Attributes
    $_safeChars = array(',', '.', '-', '_')
View helper for escaping untrusted data before inserting it into common HTML attributes.
P4Cms_View_Helper_EscapeAttr::__construct ( )
Extend constructor to initialize list of illegal characters.
    {
        // set list with illegal characters represented by their ordinal numbers
        for ($i = 1; $i < 32; $i++) {
            if ($i != 9 // tab
                && chr($i) != "\n"
                && chr($i) != "\r"
            ) {
                $this->_illegalOrd[] = $i;
            }
        }
        parent::__construct();
    }
P4Cms_View_Helper_EscapeAttr::_format ( $ordinalValue ) [protected]
Convert character represented by its ordinal value into &#xHH; format.
Parameters:
    int $ordinalValue    Ordinal value to format.
Reimplemented from P4Cms_View_Helper_EscapeAbstract.
    {
        $hex = dechex($ordinalValue);
        return '&#x' . $hex . ';';
    }
P4Cms_View_Helper_EscapeAttr::escapeAttr ( $value )
Returns escaped value that can be safely inserted into a common HTML attribute.
Untrusted data should be escaped before being inserted into common HTML attributes:
- inside an unquoted attribute
- inside a single-quoted attribute
- inside a double-quoted attribute
This should not be used for complex attributes like href, src, style, or any of the event handlers like onmouseover.
Parameters:
    string $value    Value to escape.
    {
        return $this->_encode($value);
    }
P4Cms_View_Helper_EscapeAttr::$_safeChars = array(',', '.', '-', '_') [protected]
Reimplemented from P4Cms_View_Helper_EscapeAbstract.
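The following stand-alone sketch is an added example, not Chronicle's own code; it shows why escapeAttr() emits &#xHH; entities rather than relying on quote escaping alone. The inherited _encode() is not shown on this page, so the names example_escape_attr and EXAMPLE_SAFE_CHARS and these rules are assumptions: alphanumerics, the four safe characters and code points above 255 pass through, control characters (including NUL) become &#xfffd;, and everything else is hex-encoded.

```php
<?php
// Added illustration, not Chronicle source. Requires the mbstring extension.
const EXAMPLE_SAFE_CHARS = [',', '.', '-', '_'];  // same list as $_safeChars

function example_escape_attr(string $value): string
{
    // Split into UTF-8 code points. Invalid UTF-8 makes preg_split() return
    // false, so the function fails closed and returns an empty string.
    $chars = preg_split('//u', $value, -1, PREG_SPLIT_NO_EMPTY) ?: [];
    $out = '';
    foreach ($chars as $ch) {
        $ord = mb_ord($ch, 'UTF-8');
        if ($ord < 32 && !in_array($ord, [9, 10, 13], true)) {
            // Control character other than tab, LF, CR: never emit it.
            // Substituting U+FFFD is this example's choice (assumption).
            $out .= '&#xfffd;';
        } elseif (preg_match('/^[A-Za-z0-9]$/', $ch)
            || in_array($ch, EXAMPLE_SAFE_CHARS, true)
            || $ord > 255
        ) {
            $out .= $ch;                         // passes through unchanged
        } else {
            $out .= '&#x' . dechex($ord) . ';';  // same shape as _format()
        }
    }
    return $out;
}

// Constructed input: a value that tries to break out of an attribute.
$untrusted = 'a b" onmouseover=x';

// htmlspecialchars() is enough inside quotes, but it leaves the space and
// "=" intact, so in an unquoted attribute the value still splits in two.
echo '<input value=', htmlspecialchars($untrusted, ENT_QUOTES), ">\n";

// Hex-entity encoding keeps the whole value inside one attribute in all
// three contexts listed above (unquoted, single quoted, double quoted).
echo '<input value=', example_escape_attr($untrusted), ">\n";
```

Neither form of escaping makes a value safe in href, src, style or event-handler attributes, where the content is interpreted as a URL, CSS or script after entity decoding.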