summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkenjis <kenji@codeigniter.jp>2011-08-25 03:51:44 +0200
committerPhil Sturgeon <email@philsturgeon.co.uk>2011-10-28 16:08:00 +0200
commit55027807e4826dfe722598172ab7ffbd9dc0b48c (patch)
treefd9e3c4b10f34c02688cead2825920960fecaff7
parent426ff851c2164651228a9a9bc10869301b19dbcc (diff)
add html_escape() function to escape HTML.
-rw-r--r--system/core/Common.php24
-rw-r--r--user_guide/changelog.html1
-rw-r--r--user_guide/general/common_functions.html2
3 files changed, 27 insertions, 0 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index db9fbeb9f..3d6931bc0 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters'))
}
}
+// ------------------------------------------------------------------------
+
+/**
+* Returns HTML escaped variable
+*
+* @access public
+* @param mixed
+* @return mixed
+*/
+if ( ! function_exists('html_escape'))
+{
+ function html_escape($var)
+ {
+ if (is_array($var))
+ {
+ return array_map('html_escape', $var);
+ }
+ else
+ {
+ return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ }
+ }
+}
+
/* End of file Common.php */
/* Location: ./system/core/Common.php */ \ No newline at end of file
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 19e659f45..11a15370e 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -64,6 +64,7 @@ Change Log
<li>General Changes
<ul>
<li>Callback validation rules can now accept parameters like any other validation rule.</li>
+ <li class="reactor">Added html_escape() to the <a href="general/common_functions.html">Common functions<a> to escape HTML output for preventing XSS easliy.</li>
</ul>
</li>
<li>Helpers
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 2751133bb..f290521a9 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@ else<br />
<p>This function prevents inserting null characters between ascii characters, like Java\0script.</p>
+<h2>html_escape(<var>$mixed</var>)</h2>
+<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p>
</div>