author | kenjis <kenji@codeigniter.jp> | 2011-08-25 03:51:44 +0200 |
committer | kenjis <kenji@codeigniter.jp> | 2011-08-25 03:51:44 +0200 |
commit | fbac8b4553942db4be52e872d9fd68717e5006e4 (patch) | |
tree | bbc95119f6c7cc0f89bf0ac8b6862711811d5623 | |
parent | 0ba26c731cf8838b5239c1a7957bc18f58fe2f7d (diff) |
add html_escape() function to escape HTML.
-rw-r--r-- | system/core/Common.php | 24 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 | ||||
-rw-r--r-- | user_guide/general/common_functions.html | 2 |
3 files changed, 27 insertions, 0 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 3c62403ac..d79375475 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters'))
 }
 }
+// ------------------------------------------------------------------------
+
+/**
+* Returns HTML escaped variable
+*
+* @access public
+* @param mixed
+* @return mixed
+*/
+if ( ! function_exists('html_escape'))
+{
+ function html_escape($var)
+ {
+ if (is_array($var))
+ {
+ return array_map('html_escape', $var);
+ }
+ else
+ {
+ return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ }
+ }
+}
+
 /* End of file Common.php */
 /* Location: ./system/core/Common.php */
\ No newline at end of file
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 91312e46b..c22bebda6 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -67,6 +67,7 @@ Change Log
 <ul>
 <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li>
 <li class="reactor">Ability to log certain error types, not all under a threshold.</li>
+ <li class="reactor">Added html_escape() to the <a href="general/common_functions.html">Common functions<a> to escape HTML output for preventing XSS easliy.</li>
 </ul>
 </li>
 <li>Helpers
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 65457759d..7cff6321c 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@ else<br />
 <p>This function prevents inserting null characters between ascii characters, like Java\0script.</p>
+<h2>html_escape(<var>$mixed</var>)</h2>
+<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p>
 </div> |
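Review bot: html_escape() escapes only array values — `array_map('html_escape', $var)` never visits keys — so a view that prints the keys of an escaped array still emits them raw, and the docblock in the Common.php hunk should say so: `* Escapes a string, or every value (recursively) of an array; array keys are not escaped.` The `@param mixed` / `@return mixed` tags could be tightened to `string|array`, since any non-array value, including non-string scalars, is handed straight to htmlspecialchars(). Note that `config_item('charset')` is evaluated once per escaped leaf during the recursion; presumably cheap, but worth a one-line comment if that is intended rather than an oversight.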