phower/escaper

A PHP class which offers a way to escape output and defend from XSS and related vulnerabilities by introducing HTML, CSS and Javascript escaping context.

Phower Escaper

A PHP class which offers a way to escape output and defend from XSS and related vulnerabilities by introducing HTML, CSS and Javascript escaping context., _(*1)

Phower\Escaper is inspired in Zend's escaper component and both attempt to minimize the risks from the second most important OWASP web security risk., _(*2)

Instalation

This package uses Composer tool for auto-loading and dependency management. From your project root folder just run:, _(*3)

composer require phower/escaper

Usage

Simply instantiate your object as usual:, _(*4)

``` php
use Phower\Escaper;

$escaper = new Escaper();
```

Class constructor supports a argument which allows to specify a given encoding format. E.g you can escape code from iso-8859-1 using:, _(*5)

``` php
use Phower\Escaper;

$escaper = new Escaper('iso-8859-1');
```

This package is meant to be used for code output escaping only. Looking the implemented interface there are five methods available for that:, _(*6)

• escapeHtml: escape a string for the HTML Body context.
• escapeHtmlAttr: escape a string for the HTML Attribute context.
• escapeJs: escape a string for the Javascript context.
• escapeCss: escape a string for the CSS context.
• escapeUrl: escape a string for the URI or Parameter contexts.