author | kenjis <kenji@codeigniter.jp> | 2011-08-25 03:51:44 +0200 |
---|---|---|
committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-10-28 16:08:00 +0200 |
commit | 55027807e4826dfe722598172ab7ffbd9dc0b48c (patch) | |
tree | fd9e3c4b10f34c02688cead2825920960fecaff7 /user_guide | |
parent | 426ff851c2164651228a9a9bc10869301b19dbcc (diff) |
add html_escape() function to escape HTML.
Diffstat (limited to 'user_guide')
-rw-r--r-- | user_guide/changelog.html | 1 |
-rw-r--r-- | user_guide/general/common_functions.html | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 19e659f45..11a15370e 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -64,6 +64,7 @@ Change Log <li>General Changes <ul> <li>Callback validation rules can now accept parameters like any other validation rule.</li> + <li class="reactor">Added html_escape() to the <a href="general/common_functions.html">Common functions<a> to escape HTML output for preventing XSS easliy.</li> </ul> </li> <li>Helpers diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html index 2751133bb..f290521a9 100644 --- a/user_guide/general/common_functions.html +++ b/user_guide/general/common_functions.html @@ -104,6 +104,8 @@ else<br /> <p>This function prevents inserting null characters between ascii characters, like Java\0script.</p> +<h2>html_escape(<var>$mixed</var>)</h2> +<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p> </div> |
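Review bot: In the changelog.html hunk, the added `<li class="reactor">` line closes the link with a second `<a>` instead of `</a>`, so the anchor opened before "Common functions" is never closed and the rest of the list item is rendered as link text. Change `Common functions<a>` to `Common functions</a>`. The same line also misspells "easily" as "easliy".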
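Review bot: In the common_functions.html hunk, the new paragraph under `html_escape($mixed)` calls the function a shortcut for htmlspecialchars() but does not document which quote flags and character set it passes. A reader cannot tell from this text whether single quotes are escaped, which decides whether the output is safe inside single-quoted attribute values. State the flags and encoding used. Also say what "accepts string and array" means for nested arrays and what is returned in each case. Since the text presents the function as XSS prevention, note that it covers HTML text and quoted attribute contexts only, not output placed inside script blocks or URLs. Wording: "provides short cut for" should read "provides a shortcut for".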