/**
  * Stores the charset used by the escapers.
  *
  * The value is kept as given and is presumably read back through
  * getCharset(), which the built-in escapers pass to htmlspecialchars()
  * and htmlentities(). No validation happens here; as of PHP 5.4 those
  * functions warn and assume UTF-8 when they are handed an unsupported
  * charset name, so callers should pass the charset the output is
  * actually emitted in (normally 'UTF-8').
  *
  * @param string $charset The current charset
  */
 public static function setCharset($charset)
 {
     self::$charset = $charset;
 }
 /**
  * Registers the built-in escapers in self::$escapers.
  *
  * Every entry maps an escaper name to a closure that takes one value and
  * returns it transformed for a specific output context:
  *
  *  - 'htmlspecialchars' / 'entities': HTML text and attribute context
  *    (ENT_QUOTES, charset from Escaper::getCharset()). Non-string values
  *    (ints, bools, arrays, objects) are returned untouched so that type
  *    checks such as === or is_int() keep working on escaped data.
  *  - 'raw': identity; opts a value out of escaping entirely.
  *  - 'js': HTML-encodes a string value, then C-escapes backslash, LF, CR
  *    and both quote characters so it can sit inside a JavaScript string
  *    literal that ends up in an HTML document.
  *  - 'js_no_entities': only the C-escaping step, for JavaScript that is
  *    not placed in an HTML document. It leaves '<', '>' and '/' alone, so
  *    a value containing "</script>" would still terminate an inline
  *    script; use 'js' for inline scripts.
  *
  * Two caveats worth knowing: the JS escapers hand non-string values
  * straight to str_replace(), which stringifies scalars and maps over
  * arrays, so they do not preserve the input type the way the HTML
  * escapers do; and neither HTML escaper passes ENT_SUBSTITUTE, so on
  * PHP 5.4+ a string that is invalid in the configured charset escapes
  * to '' rather than to replacement characters.
  */
 static function initializeEscapers()
 {
     // Shared C-escaping step. Backslash is listed first so that the
     // backslashes introduced for the other characters are not re-escaped
     // (str_replace applies the pairs in order).
     $cEscape = function ($value) {
         $search  = array("\\", "\n", "\r", "\"", "'");
         $replace = array("\\\\", "\\n", "\\r", "\\\"", "\\'");

         return str_replace($search, $replace, $value);
     };

     // Only strings are encoded; every other type passes through unchanged.
     $htmlSpecialChars = function ($value) {
         if (!is_string($value)) {
             return $value;
         }

         return htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset());
     };

     $htmlEntities = function ($value) {
         if (!is_string($value)) {
             return $value;
         }

         return htmlentities($value, ENT_QUOTES, Escaper::getCharset());
     };

     $identity = function ($value) {
         return $value;
     };

     // Entity-encode first (strings only), then C-escape the result.
     $js = function ($value) use ($cEscape, $htmlEntities) {
         return $cEscape($htmlEntities($value));
     };

     self::$escapers = array(
         'htmlspecialchars' => $htmlSpecialChars,
         'entities'         => $htmlEntities,
         'raw'              => $identity,
         'js'               => $js,
         'js_no_entities'   => $cEscape,
     );
 }
  /**
   * Builds the table of built-in escapers and stores it in self::$escapers.
   *
   * Each escaper is a closure taking a single value and returning it
   * transformed for one output context. For the string
   * "It's required that you enter a username & password.\n" the HTML
   * escapers would produce '&amp;' for the ampersand and '&#039;' for the
   * apostrophe, whereas a JavaScript string literal needs the apostrophe and
   * the newline C-escaped instead.
   *
   * Escapers provided:
   *
   *  - 'htmlspecialchars': htmlspecialchars() with ENT_QUOTES and the charset
   *    from Escaper::getCharset(); non-strings are returned as-is so that
   *    === and is_int() style checks keep working on escaped data.
   *  - 'entities': same contract, using htmlentities().
   *  - 'raw': identity, to explicitly opt a value out of escaping.
   *  - 'js': entity-encodes a string value and then C-escapes backslash, LF,
   *    CR and both quotes, for JavaScript strings embedded in HTML.
   *  - 'js_no_entities': only the C-escaping step, for JavaScript that will
   *    not end up inside an HTML document. Because '<' and '>' are left
   *    untouched, a value containing "</script>" would still close an
   *    inline script tag — prefer 'js' in that situation.
   *
   * The two JS escapers pass non-string values to str_replace() directly,
   * so scalars are stringified and arrays are escaped element-wise; only the
   * HTML escapers preserve the input type. ENT_SUBSTITUTE is not set, so on
   * PHP 5.4+ a string that is invalid in the charset escapes to ''.
   */
  static function initializeEscapers()
  {
    $escapers = array();

    // HTML text/attribute context. Non-strings pass through unchanged so that
    // type comparisons on escaped values keep their meaning.
    $escapers['htmlspecialchars'] = function ($value)
    {
      return is_string($value)
        ? htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset())
        : $value;
    };

    $escapers['entities'] = function ($value)
    {
      return is_string($value)
        ? htmlentities($value, ENT_QUOTES, Escaper::getCharset())
        : $value;
    };

    // Identity: marks a value as deliberately unescaped.
    $escapers['raw'] = function ($value)
    {
      return $value;
    };

    // C-escape table shared by both JS escapers. Backslash comes first so the
    // backslashes added for the later entries are not escaped a second time.
    $jsSearch  = array("\\", "\n", "\r", "\"", "'");
    $jsReplace = array("\\\\", "\\n", "\\r", "\\\"", "\\'");

    $escapers['js'] = function ($value) use ($jsSearch, $jsReplace)
    {
      $encoded = is_string($value)
        ? htmlentities($value, ENT_QUOTES, Escaper::getCharset())
        : $value;

      return str_replace($jsSearch, $jsReplace, $encoded);
    };

    $escapers['js_no_entities'] = function ($value) use ($jsSearch, $jsReplace)
    {
      return str_replace($jsSearch, $jsReplace, $value);
    };

    self::$escapers = $escapers;
  }