public function testItCanEscapeArrayInsideObjectProperty() { $userObjectWithArrayProperty = new User('John', ['<b>Doe</b>']); Escpr::escape($userObjectWithArrayProperty); $this->assertEquals(['<b>Doe</b>'], $userObjectWithArrayProperty->getLastName()); }
$simpleUserObject = new User("John", "<b>Doe</b>"); Escpr::escape($simpleUserObject); echo $simpleUserObject . '<br />'; // Escaping array of arrays. $complexArray = ['some' => ['complex' => ['stuff' => '<b>here</b>']]]; Escpr::escape($complexArray); echo $complexArray['some']['complex']['stuff'] . '<br />'; // Escaping array of things. $moreComplexArray = ['<u>string</u>', 'some' => ['array' => ['of' => [new User('John', '<b>Doe</b>')], 'and' => '<b>Another thing</b>']], ['<li>and this list item</li>'], ['and' => ['why' => ['not' => ['this' => ['crazy' => ['thing' => '<script>console.log("hey!")</script>']]]]]]]; Escpr::escape($moreComplexArray); array_walk_recursive($moreComplexArray, function ($e) { echo $e . '<br />'; }); // Escaping stdClass objects // NOTE: Escpr does not escape stdClass objects. // WORKAROUND: // First, cast to array. // Second, escape with Escpr::escape(). // Third, cast back to object. $stdClassObject = new stdClass(); // create a simple stdClass object. $stdClassObject->escapeMe = '<script>alert("Rotten tomatoes ftw!")</script>'; // add a property to it. $stdClassObjectAsArray = (array) $stdClassObject; // because Escpr does not escape stdClass objects, convert it to array. Escpr::escape($stdClassObjectAsArray); // escape the casted array. $stdClassObject = (object) $stdClassObjectAsArray; // cast the escaped array back to stdClass object. echo $stdClassObject->escapeMe . '<br />'; // print the escaped value.