/**
 * Registers the built-in escaping strategies in self::$escapers.
 *
 * Every strategy is a closure that takes one value and returns it transformed
 * for a particular output context, so that the value can be printed there
 * without being interpreted as markup or code.
 *
 * Example input: "It's required that you enter a username & password.\n"
 *  - For HTML output the ampersand becomes '&amp;' and the apostrophe becomes
 *    '&#039;' (ENT_QUOTES is passed to the HTML encoders below).
 *  - For a JavaScript string literal the apostrophe and the newline are
 *    backslash-escaped instead.
 *
 * The original note says a define exists for each strategy name so that callers
 * do not mistype the string keys; those defines are not part of this method.
 *
 * Registered keys: 'htmlspecialchars', 'entities', 'raw', 'js', 'js_no_entities'.
 */
static function initializeEscapers()
{
    // Shared backslash-escaping step used by both JavaScript strategies.
    // Only these five characters are rewritten: backslash, LF, CR, double quote
    // and single quote. The backslash comes first in the list so that the
    // backslashes introduced by the later replacements are not doubled again.
    $backslashEscape = function ($subject) {
        $search  = array("\\", "\n", "\r", "\"", "'");
        $replace = array("\\\\", "\\n", "\\r", "\\\"", "\\'");

        return str_replace($search, $replace, $subject);
    };

    self::$escapers = array(
        'htmlspecialchars' => function ($value) {
            // Only strings are encoded. Encoding a number or a boolean would
            // turn it into a string and break strict comparisons (===) and
            // is_int()-style checks in templates, so every non-string value
            // is handed back unchanged and unescaped.
            if (!is_string($value)) {
                return $value;
            }

            return htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset());
        },

        'entities' => function ($value) {
            // Same type-preserving rule as 'htmlspecialchars', but every
            // character that has a named entity is encoded.
            if (!is_string($value)) {
                return $value;
            }

            return htmlentities($value, ENT_QUOTES, Escaper::getCharset());
        },

        // Identity strategy: the value is returned with no escaping at all.
        'raw' => function ($value) {
            return $value;
        },

        'js' => function ($value) use ($backslashEscape) {
            // Strings are entity-encoded first and backslash-escaped second.
            // Non-strings skip the entity step but still go through
            // str_replace().
            $encoded = is_string($value)
                ? htmlentities($value, ENT_QUOTES, Escaper::getCharset())
                : $value;

            return $backslashEscape($encoded);
        },

        'js_no_entities' => function ($value) use ($backslashEscape) {
            // NOTE(review): only the five characters listed in the shared helper
            // are rewritten; '<', '>', '&' and '/' pass through unchanged, so the
            // result on its own is not a safe encoding for an inline <script>
            // element or an HTML attribute. Confirm how callers embed it.
            return $backslashEscape($value);
        },
    );
}
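/**
 * Initializes the built-in escapers in self::$escapers.
 *
 * Each escaper is a closure that applies a transformation to the value passed
 * to it, so that the value is suitable for the format it is displayed in.
 *
 * For example, the string: "It's required that you enter a username & password.\n"
 * If this were to be displayed as HTML it would be sensible to turn the
 * ampersand into '&amp;' and the apostrophe into '&#039;'. If it were going to
 * be used as a string in JavaScript, every character that is not a letter, a
 * digit or a space is written as a \xHH or \uHHHH escape instead.
 *
 * The original note says a define exists for each escaper name to avoid
 * problems with strings being incorrectly specified; those defines are not part
 * of this method.
 *
 * Registered keys: 'htmlspecialchars', 'entities', 'raw', 'js'.
 *
 * The 'js' escaper throws InvalidArgumentException when the value is not valid
 * UTF-8 after charset conversion.
 */
static function initializeEscapers()
{
    self::$escapers = array(
        'htmlspecialchars' => function ($value) {
            // Numbers and boolean values get turned into strings which can cause problems
            // with type comparisons (e.g. === or is_int() etc), so only strings are
            // encoded; every other value is returned unchanged and unescaped.
            //
            // NOTE(review): the fourth argument (double_encode) is false, so entities
            // already present in the input are left as they are. The output is then not
            // a faithful encoding of the input: input holding the literal text "&lt;"
            // renders as "<". Confirm that this is intended for untrusted values.
            return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, Escaper::getCharset(), false) : $value;
        },

        'entities' => function ($value) {
            // Same type-preserving rule and same double_encode=false caveat as
            // 'htmlspecialchars', with every named entity encoded.
            return is_string($value) ? htmlentities($value, ENT_QUOTES, Escaper::getCharset(), false) : $value;
        },

        // Identity escaper: the value is returned with no escaping at all.
        'raw' => function ($value) {
            return $value;
        },

        'js' => function ($value) {
            $charset = Escaper::getCharset();

            // The escaping below works on UTF-8, so convert first when needed.
            // The closure's argument is $value; it must be the thing that is
            // converted and escaped (reading an unset $string here would make the
            // escaper ignore its input).
            $string = $value;
            if ('UTF-8' != $charset) {
                $string = Escaper::convertEncoding($string, 'UTF-8', $charset);
            }

            $callback = function ($matches) {
                $char = $matches[0];

                // Single-byte character: \xHH
                if (!isset($char[1])) {
                    return '\\x' . substr('00' . bin2hex($char), -2);
                }

                // Multi-byte character: \uHHHH from its UTF-16BE code units.
                // Assumes convertEncoding() returns the converted bytes — TODO confirm.
                $hex = bin2hex(Escaper::convertEncoding($char, 'UTF-16BE', 'UTF-8'));
                if (strlen($hex) <= 4) {
                    return '\\u' . substr('0000' . $hex, -4);
                }

                // Outside the Basic Multilingual Plane UTF-16 uses a surrogate pair
                // (eight hex digits). Emit both halves; keeping only the last four
                // digits would leave a lone low surrogate and corrupt the character.
                return '\\u' . substr($hex, 0, 4) . '\\u' . substr($hex, 4, 4);
            };

            // Everything except Unicode letters, Unicode digits and the space is
            // escaped. With the "u" modifier preg_replace_callback() returns null
            // when the subject is not valid UTF-8.
            if (null === ($string = preg_replace_callback('#[^\\p{L}\\p{N} ]#u', $callback, $string))) {
                throw new InvalidArgumentException('The string to escape is not a valid UTF-8 string.');
            }

            // Convert back so the caller gets the result in the configured charset.
            if ('UTF-8' != $charset) {
                $string = Escaper::convertEncoding($string, $charset, 'UTF-8');
            }

            return $string;
        },
    );
}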