Escaper
- Full name:
\Qubus\Security\Escaper - This class implements:
\Qubus\Security\CleanHtmlEntities
Methods
htmlSpecialChars
Convert special characters to HTML entities
private htmlSpecialChars(string $string, int $flags = ENT_QUOTES | ENT_HTML5, string $encoding = 'UTF-8', bool $doubleEncoding = true): string
Parameters:
| Parameter | Type | Description |
|---|---|---|
$string | string | The string being converted. |
$flags | int | A bitmask of one or more flags. |
$encoding | string | An optional argument defining the encoding used when converting characters. |
$doubleEncoding | bool | When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything. |
Throws:
html
Escaping for HTML blocks.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$string | string |
Return Value:
Escaped HTML block.
Throws:
textarea
Escaping for textarea.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$string | string |
Return Value:
Escaped string.
Throws:
url
Escaping for url.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$url | string | The url to be escaped. |
$scheme | array | The url scheme. |
$encode | bool | Whether url params should be encoded. |
Return Value:
The escaped $url after the escUrl filter is applied.
attr
Escaping for HTML attributes.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$string | string |
Return Value:
Escaped HTML attribute.
Throws:
js
Escaping for inline javascript.
Example usage:
$esc_js = json_encode("Joshua's \"code\""); $attribute = $this->js("alert($esc_js);"); echo '';
Parameters:
| Parameter | Type | Description |
|---|---|---|
$string | string |
Return Value:
Escaped inline javascript.
Throws:
Automatically generated on 2025-10-13
