author: Greg Aker <greg@gregaker.net> 2011-08-25 05:58:10 +0200
committer: Greg Aker <greg@gregaker.net> 2011-08-25 05:58:10 +0200
commit: 9ff6336415f3da2a81142cb23343060df6196ebe (patch)
tree: 850711b8f4e981fcd1bf51151b1d71d53f630076 /user_guide
parent: 073d2c6effd134e36f7e5ed69d1398cbe09d383b (diff)
parent: fbac8b4553942db4be52e872d9fd68717e5006e4 (diff)
Merge pull request #291 from kenjis/html_escape
add html_escape() function to escape HTML.
Diffstat (limited to 'user_guide')
-rw-r--r-- user_guide/changelog.html 1
-rw-r--r-- user_guide/general/common_functions.html 2
2 files changed, 3 insertions, 0 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 6a76a4fd0..e1a134def 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -67,6 +67,7 @@ Change Log
<ul>
<li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li>
<li class="reactor">Ability to log certain error types, not all under a threshold.</li>
+ <li class="reactor">Added html_escape() to the <a href="general/common_functions.html">Common functions<a> to escape HTML output for preventing XSS easliy.</li>
</ul>
</li>
<li>Helpers
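Review bot: The link in the added changelog entry is closed with a second opening tag, `Common functions<a>`, instead of `</a>`, so the anchor is never terminated and the rest of the entry renders as part of the link. Change it to `Common functions</a>`. In the same line, "easliy" should be "easily", and "to escape HTML output for preventing XSS" reads better as "to escape HTML output and help prevent XSS".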
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 65457759d..7cff6321c 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@ else<br />
<p>This function prevents inserting null characters between ascii characters, like Java\0script.</p>
+<h2>html_escape(<var>$mixed</var>)</h2>
+<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p>
</div>
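Review bot: The added html_escape() paragraph does not document the behaviour a caller needs in order to rely on it for XSS prevention: which flags and charset are passed to htmlspecialchars(), and what is returned when an array is given (whether each element is escaped, and whether nested arrays are handled). The flags matter because they decide whether single quotes are escaped, which determines whether the output is safe inside single-quoted attribute values. The sentence "To prevent Cross Site Scripting (XSS), it is very useful" should also state the scope: htmlspecialchars() output is suited to HTML element content and quoted attribute values, not to script blocks or URL attributes. Please add the return value and flags to the description, and fix the wording "provides short cut for" to "provides a shortcut for the".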