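/**
 * Render the <meta> tag registered under $name.
 *
 * Both the tag name and its content are emitted inside double-quoted HTML
 * attributes, so both values are passed through the escaper. The original
 * escaped only the content; an unescaped $name would allow attribute
 * injection if storage keys ever came from user input.
 *
 * @param string $name name of a meta tag previously stored in self::$storage
 * @return string|null the rendered tag followed by a newline, or null when no
 *                     tag with that name has been registered
 */
public function get($name)
{
    // NOTE(review): self::$storage is filled elsewhere; assumed array<string, string> — confirm.
    if (!array_key_exists($name, self::$storage)) {
        return null;
    }

    $content = self::$storage[$name];
    $escaper = new \Phalcon\Escaper();

    // escapeHtml uses ENT_QUOTES-style escaping, which is sufficient inside a
    // double-quoted attribute for both the name and the content.
    $safeName = $escaper->escapeHtml($name);
    $safeContent = $escaper->escapeHtml($content);

    return "<meta name=\"{$safeName}\" content=\"{$safeContent}\">\n";
}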
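/**
 * Render the <meta> tag registered under $name (no trailing newline).
 *
 * The name and the content both land inside double-quoted HTML attributes,
 * so both are escaped. Previously only the content was escaped, leaving the
 * name attribute open to injection should storage keys be derived from input.
 *
 * @param string $name name of a meta tag previously stored in self::$storage
 * @return string|null the rendered tag, or null when no tag with that name
 *                     has been registered
 */
public function get($name)
{
    // NOTE(review): self::$storage is populated by code outside this block — assumed array<string, string>.
    if (!array_key_exists($name, self::$storage)) {
        return null;
    }

    $content = self::$storage[$name];
    $escaper = new \Phalcon\Escaper();

    // Escape the name as well as the content: both are attribute values.
    return '<meta name="' . $escaper->escapeHtml($name)
        . '" content="' . $escaper->escapeHtml($content) . '">';
}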
//Malicious CSS class name $className = ';`('; //Malicious CSS font name $fontName = 'Verdana"</style>'; //Malicious Javascript text $javascriptText = "';</script>Hello"; //Create an escaper $e = new Phalcon\Escaper(); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title><?php echo $e->escapeHtml($maliciousTitle); ?> </title> <style type="text/css"> . <?php echo $e->escapeCss($className); ?> { font-family: "<?php echo $e->escapeCss($fontName); ?> "; color: red; } </style>