1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: <?php
/**
* MvcCore
*
* This source file is subject to the BSD 3 License
* For the full copyright and license information, please view
* the LICENSE.md file that are distributed with this source code.
*
* @copyright Copyright (c) 2016 Tom Flidr (https://github.com/mvccore)
* @license https://mvccore.github.io/docs/mvccore/5.0.0/LICENCE.md
*/
namespace MvcCore\View;
trait Escaping {
/**
* @inheritDocs
* @param string $str
* @param bool $double
* @param string $encoding
* @return string
*/
public function Escape ($str, $encoding = 'UTF-8') {
/** @var $this \MvcCore\View */
return htmlspecialchars(
(string) $str, $this->escapeGetFlags(ENT_QUOTES), $encoding
);
}
/**
* @inheritDocs
* @param string $str
* @param bool $double
* @param string $encoding
* @return string
*/
public function EscapeHtml ($str, $encoding = 'UTF-8') {
/** @var $this \MvcCore\View */
return htmlspecialchars(
(string) $str, $this->escapeGetFlags(ENT_NOQUOTES), $encoding
);
}
/**
* @inheritDocs
* @param string $str
* @param bool $double
* @param string $encoding
* @return string
*/
public function EscapeAttr ($str, $double = TRUE, $encoding = 'UTF-8') {
/** @var $this \MvcCore\View */
$str = (string) $str;
if (mb_strpos($str, '`') !== FALSE && strpbrk($str, ' <>"\'') === FALSE)
$str .= ' '; // protection against innerHTML mXSS vulnerability
return htmlspecialchars(
$str, $this->escapeGetFlags(ENT_QUOTES), $encoding, $double
);
}
/**
* @inheritDocs
* @param string $str
* @param string $encoding
* @return string
*/
public function EscapeXml ($str, $encoding = 'UTF-8') {
/** @var $this \MvcCore\View */
$str = preg_replace('#[\x00-\x08\x0B\x0C\x0E-\x1F]#', "\u{FFFD}", (string) $str);
return htmlspecialchars(
$str, $this->escapeGetFlags(ENT_XML1 | ENT_QUOTES), $encoding
);
}
/**
* @inheritDocs
* @param string $str
* @param int $flags
* @param int $depth
* @return string
*/
public function EscapeJs ($str, $flags = 0, $depth = 512) {
/** @var $this \MvcCore\View */
$toolClass = self::$_toolClass;
$json = $toolClass::EncodeJson($str, JSON_UNESCAPED_UNICODE);
return str_replace([']]>', '<!'], [']]\x3E', '\x3C!'], $json);
}
/**
* @inheritDocs
* @see http://www.w3.org/TR/2006/WD-CSS21-20060411/syndata.html#q6
* @param string $str
* @return string
*/
public function EscapeCss ($str) {
/** @var $this \MvcCore\View */
return addcslashes((string) $str, "\x00..\x1F!\"#$%&'()*+,./:;<=>?@[\\]^`{|}~");
}
/**
* @inheritDocs
* @see https://www.ietf.org/rfc/rfc5545.txt
* @param string $str
* @return string
*/
public function EscapeICal ($str) {
/** @var $this \MvcCore\View */
$str = str_replace("\r", '', (string) $str);
$str = preg_replace('#[\x00-\x08\x0B-\x1F]#', "\u{FFFD}", $str);
return addcslashes($str, "\";\\,:\n");
}
/**
* Complete flags for `htmlspecialchars()` by view type.
* @param int $flagsToAdd
* @return int
*/
protected function escapeGetFlags ($flagsToAdd) {
/** @var $this \MvcCore\View */
static $allEscapeFlags = [
\MvcCore\IView::DOCTYPE_HTML4 => ENT_HTML401,
\MvcCore\IView::DOCTYPE_XHTML => ENT_XHTML,
\MvcCore\IView::DOCTYPE_HTML5 => ENT_HTML5,
\MvcCore\IView::DOCTYPE_XML => ENT_XML1,
];
$doctype = static::$doctype;
$flags = isset($allEscapeFlags[$doctype])
? $allEscapeFlags[$doctype]
: ENT_QUOTES;
return $flags | ENT_SUBSTITUTE | $flagsToAdd;
}
}