Exemple #1
 /**
  * Escpr::escape() must reach string values stored in an array-typed property of an object.
  *
  * The User is built with an array as its second constructor argument. escape() is
  * called for its effect on the object (its return value is not used), after which
  * getLastName() is expected to hand back the same array with `<` and `>` replaced
  * by their HTML entities.
  */
 public function testItCanEscapeArrayInsideObjectProperty()
 {
     $user = new User('John', ['<b>Doe</b>']);

     Escpr::escape($user);

     // Markup characters must come back entity-encoded, not stripped.
     $expectedLastName = ['&lt;b&gt;Doe&lt;/b&gt;'];
     $this->assertEquals($expectedLastName, $user->getLastName());
 }
Exemple #2
// Escaping a plain object.
// escape() is called for its effect on $simpleUserObject itself; no return value is used.
$simpleUserObject = new User('John', '<b>Doe</b>');
Escpr::escape($simpleUserObject);
// Printing the object requires User to be string-convertible (presumably __toString(); confirm).
echo $simpleUserObject, '<br />';
// Escaping array of arrays: the markup sits three levels deep and is read back
// from the same variable after the call.
$complexArray = [
    'some' => [
        'complex' => [
            'stuff' => '<b>here</b>',
        ],
    ],
];
Escpr::escape($complexArray);
echo $complexArray['some']['complex']['stuff'], '<br />';
// Escaping array of things: plain strings, nested arrays, a User object inside an
// array, and a deeply nested <script> element, all handed to escape() in one call.
$moreComplexArray = [
    '<u>string</u>',
    'some' => [
        'array' => [
            'of' => [new User('John', '<b>Doe</b>')],
            'and' => '<b>Another thing</b>',
        ],
    ],
    ['<li>and this list item</li>'],
    [
        'and' => [
            'why' => [
                'not' => [
                    'this' => [
                        'crazy' => [
                            'thing' => '<script>console.log("hey!")</script>',
                        ],
                    ],
                ],
            ],
        ],
    ],
];
Escpr::escape($moreComplexArray);

// Print every value the recursive walker passes to the callback, one per line.
// NOTE(review): the values are echoed into HTML text context here. Which characters
// Escpr encodes beyond `<` and `>` is not shown in this example; confirm quote
// handling before placing escaped values inside attributes, URLs or inline script.
array_walk_recursive($moreComplexArray, static function ($value) {
    echo $value, '<br />';
});
// Escaping stdClass objects
// NOTE: Escpr does not escape stdClass objects, so a stdClass passed directly keeps
// its raw values and must not be echoed as if it had been escaped.
// WORKAROUND:
//      First, cast to array.
//      Second, escape with Escpr::escape().
//      Third, cast back to object.
// NOTE(review): the (array) cast converts only the top level. A stdClass stored inside
// a property is still an object after the cast; whether escape() reaches it is not
// shown here, so verify nested cases before printing them.

// Build a simple stdClass object carrying one property with script markup.
$stdClassObject = (object) ['escapeMe' => '<script>alert("Rotten tomatoes ftw!")</script>'];

// Convert to an array, because Escpr does not escape stdClass objects.
$stdClassObjectAsArray = (array) $stdClassObject;

// Escape the array form.
Escpr::escape($stdClassObjectAsArray);

// Replace the original object with one rebuilt from the escaped array.
$stdClassObject = (object) $stdClassObjectAsArray;

// Print the escaped value.
echo $stdClassObject->escapeMe, '<br />';