Exemple #1
 /**
  * Initializes the built-in escapers.
  *
  * Each function specifies a way for applying a transformation to a string
  * passed to it. The purpose is for the string to be "escaped" so it is
  * suitable for the format it is being displayed in.
  *
  * For example, the string: "It's required that you enter a username & password.\n"
  * If this were to be displayed as HTML it would be sensible to turn the
  * ampersand into '&amp;' and the apostrophe into '&apos;'. However if it were
  * going to be used as a string in JavaScript to be displayed in an alert box
  * it would be right to leave the string as-is, but c-escape the apostrophe and
  * the new line.
  *
  * For each function there is a define to avoid problems with strings being
  * incorrectly specified.
  */
 static function initializeEscapers()
 {
     // C-style escape table shared by the two JavaScript escapers. The backslash
     // pair is listed first: str_replace() applies the pairs in order, so the
     // backslashes introduced by the later pairs are not doubled again.
     $jsSearch = array("\\", "\n", "\r", "\"", "'");
     $jsReplace = array("\\\\", "\\n", "\\r", "\\\"", "\\'");

     $escapers = array();

     // HTML text and quoted attribute values: encodes &, <, > and both quote
     // styles (ENT_QUOTES). Non-strings are returned untouched so that numbers
     // and booleans keep their type for later strict comparisons.
     $escapers['htmlspecialchars'] = function ($value) {
         if (!is_string($value)) {
             return $value;
         }

         return htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset());
     };

     // Same contract as above, but every character with a named entity is encoded.
     $escapers['entities'] = function ($value) {
         if (!is_string($value)) {
             return $value;
         }

         return htmlentities($value, ENT_QUOTES, Escaper::getCharset());
     };

     // No escaping at all; the value reaches the output exactly as given.
     $escapers['raw'] = function ($value) {
         return $value;
     };

     // JavaScript string literal, HTML-encoded first. Strings go through
     // htmlentities() and are then C-escaped; non-strings skip the entity
     // step but are still handed to str_replace().
     $escapers['js'] = function ($value) use ($jsSearch, $jsReplace) {
         $encoded = is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset()) : $value;

         return str_replace($jsSearch, $jsReplace, $encoded);
     };

     // JavaScript string literal without the entity step. Only backslash,
     // newline, carriage return and the two quote characters are rewritten;
     // <, >, & and / pass through, so the result is only safe inside a quoted
     // literal where a closing script tag in the data cannot end the block
     // (e.g. not in an inline <script> element).
     $escapers['js_no_entities'] = function ($value) use ($jsSearch, $jsReplace) {
         return str_replace($jsSearch, $jsReplace, $value);
     };

     self::$escapers = $escapers;
 }
Exemple #2
 /**
  * Initializes the built-in escapers.
  *
  * Each function specifies a way for applying a transformation to a string
  * passed to it. The purpose is for the string to be "escaped" so it is
  * suitable for the format it is being displayed in.
  *
  * For example, the string: "It's required that you enter a username & password.\n"
  * If this were to be displayed as HTML it would be sensible to turn the
  * ampersand into '&amp;' and the apostrophe into '&apos;'. However if it were
  * going to be used as a string in JavaScript to be displayed in an alert box
  * it would be right to leave the string as-is, but c-escape the apostrophe and
  * the new line.
  *
  * For each function there is a define to avoid problems with strings being
  * incorrectly specified.
  */
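 static function initializeEscapers()
 {
     self::$escapers = array('htmlspecialchars' => function ($value) {
         // Numbers and boolean values get turned into strings which can cause problems
         // with type comparisons (e.g. === or is_int() etc).
         // The trailing false disables double encoding: entities already present in
         // the input are left as they are instead of having their "&" encoded again.
         return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset(), false) : $value;
     }, 'entities' => function ($value) {
         // Numbers and boolean values get turned into strings which can cause problems
         // with type comparisons (e.g. === or is_int() etc).
         // Double encoding is disabled here as well (fourth argument).
         return is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset(), false) : $value;
     }, 'raw' => function ($value) {
         // No escaping at all; the value reaches the output exactly as given.
         return $value;
     }, 'js' => function ($value) {
         // Escapes a value for use inside a JavaScript string literal: every
         // character that is not a Unicode letter, a Unicode digit or a space
         // is replaced by a \xHH or \uHHHH sequence.
         //
         // Fix: the closure receives $value, but the body previously read an
         // undefined $string, so the input was never escaped and the result
         // was always empty.
         $string = $value;

         // The pattern below runs in UTF-8 mode, so other charsets are converted first.
         if ('UTF-8' !== Escaper::getCharset()) {
             $string = Escaper::convertEncoding($string, 'UTF-8', Escaper::getCharset());
         }

         $callback = function ($matches) {
             $char = $matches[0];

             // Single byte: \xHH
             if (!isset($char[1])) {
                 return '\\x' . substr('00' . bin2hex($char), -2);
             }

             // Multi-byte: \uHHHH, built from the UTF-16BE code units.
             // NOTE(review): assumes convertEncoding() returns raw UTF-16BE bytes - confirm.
             $hex = bin2hex(Escaper::convertEncoding($char, 'UTF-16BE', 'UTF-8'));
             if (strlen($hex) <= 4) {
                 return '\\u' . substr('0000' . $hex, -4);
             }

             // A character outside the Basic Multilingual Plane is two code units
             // (a surrogate pair). Both are emitted; keeping only the last four hex
             // digits would leave a lone low surrogate in the output.
             return '\\u' . substr('0000' . substr($hex, 0, -4), -4) . '\\u' . substr($hex, -4);
         };

         // preg_replace_callback() returns null on a PCRE error, which in /u mode
         // includes a subject that is not valid UTF-8.
         if (null === ($string = preg_replace_callback('#[^\\p{L}\\p{N} ]#u', $callback, $string))) {
             throw new InvalidArgumentException('The string to escape is not a valid UTF-8 string.');
         }

         // Hand the result back in the charset the caller works in.
         if ('UTF-8' !== Escaper::getCharset()) {
             $string = Escaper::convertEncoding($string, Escaper::getCharset(), 'UTF-8');
         }

         return $string;
     });
 }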