开发者

What do $this->escape() in zend framework actually do?

问答 作者:

I need help in understanding the actual actions of a hel开发者_JAVA技巧per function in Zend Framework.

I need someone to explain to me what $this->escape($string) actually does to the string passed to it before printing the string into the template.

$this->escape() escapes a string according to settings you can provide with $this->setEscape('functionname'), by default it is PHP's htmlspecialchars function.

http://framework.zend.com/manual/en/zend.view.scripts.html

It calls the htmlspecialchars PHP function.

The translations performed are:

  • '&' (ampersand) becomes '&'
  • '"' (double quote) becomes '"'
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'

Over at the PiKe project we build a custom stream wrapper that automatically escapes all view variables to be safe by default against XSS, with a MINIMAL performance hit! You can still get the RAW value with:

<?=~ $variable ?>

Notice the "~" character. Checkout http://code.google.com/p/php-pike/wiki/Pike_View_Stream

继续阅读:phpzend-frameworkzend-view

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9