/** * Test that html() strips tags and escapes entities. */ public function testHtml() { $this->assertEquals('String with b & i tags.', Sanitize::html('String <b>with</b> b & i <i>tags</i>.')); $this->assertEquals('String <b>with</b> b & i <i>tags</i>.', Sanitize::html('String <b>with</b> b & i <i>tags</i>.', array('strip' => false))); $this->assertEquals('String <b>with</b> b & i tags.', Sanitize::html('String <b>with</b> b & i <i>tags</i>.', array('whitelist' => '<b>'))); $this->assertEquals('String with b &amp; i tags.', Sanitize::html('String <b>with</b> b & i <i>tags</i>.', array('double' => true))); }
/** * Run the filters before each save. * * @param \Titon\Event\Event $event * @param \Titon\Db\Query $query * @param int|int[] $id * @param array $data * @return bool */ public function preSave(Event $event, Query $query, $id, array &$data) { $filters = $this->getFilters(); foreach ($data as $key => $value) { if (empty($filters[$key])) { continue; } $filter = $filters[$key]; // HTML escape if (isset($filter['html'])) { $value = Sanitize::html($value, $filter['html']); } // Newlines if (isset($filter['newlines'])) { $value = Sanitize::newlines($value, $filter['newlines']); } // Whitespace if (isset($filter['whitespace'])) { $value = Sanitize::whitespace($value, $filter['whitespace']); } // XSS if (isset($filter['xss'])) { $value = Sanitize::xss($value, $filter['xss']); } $data[$key] = $value; } return true; }
function html($value, array $options = array()) { return Sanitize::html($value, $options); }