$Painfree->safe() - Documentation | PHPainfree2

PHPainfree2 $Painfree->safe()

$Painfree->safe(string $unsafe) : string

This function is a starting point for handling user input safely on the web. Its primary purpose is to HTML-escape any user-submitted content that you want to render inside a template.


public function safe(?string $unsafe = '') : string {
	// Passing null to htmlspecialchars() is deprecated since PHP 8.1, so handle
	// it here. Compare explicitly: a loose "! $unsafe" test would also discard
	// the legitimate string "0".
	if ($unsafe === null || $unsafe === '') {
		return '';
	}
	// ENT_QUOTES escapes single as well as double quotes (on PHP < 8.1 the
	// default was ENT_COMPAT, which leaves single-quoted attributes exposed);
	// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
	return htmlspecialchars($unsafe, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

Usage

Use this function (or something like it) anywhere you're going to be showing user-provided input in your HTML templates. This function is the bare minimum you'd need to prevent XSS attacks.

WARNING

This function is just a starting point for safely handling user input. It's merely a thin wrapper around htmlspecialchars(). You should consider your application's security requirements on a case-by-case basis and write code accordingly.

Example View

	<?php
		$user_input = 'Title<script>alert("hello");</script>';
	?>
	<div id="post-title" class="bg-dark text-light">
		<?= $user_input; ?> <!-- alerts -->
	</div>
	
	<div id="post-title-escaped" class="bg-dark text-light">
		<?= $Painfree->safe($user_input); ?> <!-- doesn't alert -->
	</div>

Template Output

	<div id="post-title" class="bg-dark text-light">
		Title<script>alert("hello");</script> <!-- alerts -->
	</div>
	
	<div id="post-title-escaped" class="bg-dark text-light">
		Title&lt;script&gt;alert(&quot;hello&quot;);&lt;/script&gt; <!-- doesn't alert -->
	</div>
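The WARNING above says to treat $Painfree->safe() as a starting point. The view below is an added example, not code from the PHPainfree2 project, showing what that means in practice: htmlspecialchars() is the right tool for HTML text and quoted attribute values, but a value dropped into an inline script block or a URL needs its own encoding first, and a loose falsy check would swallow a title of "0". The helper names (safe_html, safe_js, safe_url_param) are hypothetical and the sample values are constructed.

```php
<?php
// Added example, not part of PHPainfree2. Helper names are hypothetical.
declare(strict_types=1);

// HTML text content and quoted attribute values.
// ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string (which would silently drop output).
function safe_html(?string $unsafe): string {
    if ($unsafe === null || $unsafe === '') {
        return '';
    }
    return htmlspecialchars($unsafe, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Value embedded inside an inline <script> block: emit a JSON string literal.
// The JSON_HEX_* flags turn < > & ' " into \uXXXX escapes, so a "</script>"
// inside the value cannot terminate the script element.
function safe_js(?string $unsafe): string {
    $encoded = json_encode(
        $unsafe ?? '',
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    return $encoded === false ? '""' : $encoded;
}

// Value placed into a URL query component: percent-encode it for the URL,
// then HTML-escape the result because the URL sits inside an href attribute.
function safe_url_param(?string $unsafe): string {
    return safe_html(rawurlencode($unsafe ?? ''));
}

// Constructed sample input (the same payload the documentation uses).
$user_input = 'Title<script>alert("hello");</script>';

// Constructed edge case: a falsy-but-meaningful string. A check written as
// "if (! $unsafe)" would render this post title as an empty element.
$zero_title = '0';
?>
<div id="post-title" class="bg-dark text-light">
    <?= safe_html($user_input) ?> <!-- doesn't alert -->
</div>

<div id="zero-title" class="bg-dark text-light">
    <?= safe_html($zero_title) ?> <!-- renders 0, not an empty div -->
</div>

<!-- Quoted attribute: the same HTML escaping covers it; the URL value is
     percent-encoded first so it stays a single query parameter. -->
<a id="post-link" href="/search?q=<?= safe_url_param($user_input) ?>"
   title="<?= safe_html($user_input) ?>">search</a>

<script>
    // JSON literal, safe inside a script block. Plain htmlspecialchars() output
    // is wrong here: it would leave a working </script> sequence in the page.
    var postTitle = <?= safe_js($user_input) ?>;
</script>
```

Each helper answers one question: where in the document does this value land? Picking the encoder by output context, rather than applying one wrapper everywhere, is the case-by-case work the WARNING refers to.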
