| @@ 60-68 (lines=9) @@ | ||
| 57 | * |
|
| 58 | * @return $result, escaped string. |
|
| 59 | */ |
|
| 60 | public function escapeHTMLattr($value) { |
|
| 61 | $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 62 | return "&#x" . bin2hex($matches[0]) . ";"; |
|
| 63 | }, |
|
| 64 | $value); |
|
| 65 | return $result; |
|
| 66 | } |
|
| 67 | ||
| 68 | /** Escapes non-alphanumeric characters in an untrusted string for JS input values. |
|
| 69 | * |
|
| 70 | * @param $string, the untrusted string to escape. |
|
| 71 | * |
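Review bot: In `escapeHTMLattr` (lines 61-62) the pattern `"/[\W]/"` has no `u` modifier, so it matches one byte at a time and `bin2hex($matches[0])` emits each byte of a multi-byte UTF-8 character as its own reference; `é` comes out as `&#xc3;&#xa9;`, which a browser decodes as two unrelated characters. An allow-list encoder should match whole code points and emit the code point, for example the pattern `"/[^a-zA-Z0-9]/u"` with `return "&#x" . dechex(mb_ord($matches[0], 'UTF-8')) . ";";` (this needs mbstring). With `u`, `preg_replace_callback` returns `null` on malformed UTF-8, so the function should check for `null` and fail closed rather than return it to the caller. `escapeJs` (line 75) and `escapeCSS` (line 90) use the same byte-wise pattern, and the `\x` form in `escapeJs` holds only two hex digits, so code points above 0xFF need the `\u` form there. The page does not mark which of these lines the commit changed, so this applies to the code as shown.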
|
| @@ 74-82 (lines=9) @@ | ||
| 71 | * |
|
| 72 | * @return $result, escaped string. |
|
| 73 | */ |
|
| 74 | public function escapeJs($value) { |
|
| 75 | $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 76 | return "\\x" . bin2hex($matches[0]); |
|
| 77 | }, |
|
| 78 | $value); |
|
| 79 | ||
| 80 | return $result; |
|
| 81 | } |
|
| 82 | ||
| 83 | /** Escapes non-alphanumeric characters in an untrusted string for CSS input values. |
|
| 84 | * |
|
| 85 | * @param $string, the untrusted string to escape. |
|
| @@ 89-97 (lines=9) @@ | ||
| 86 | * |
|
| 87 | * @return $result, escaped string. |
|
| 88 | */ |
|
| 89 | public function escapeCSS($value) { |
|
| 90 | $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 91 | return "\\" . bin2hex($matches[0]) . " "; |
|
| 92 | }, |
|
| 93 | $value); |
|
| 94 | ||
| 95 | return $result; |
|
| 96 | } |
|
| 97 | ||
| 98 | /** Escapes data that is to be inserted in a URL not the whole URL itself. |
|
| 99 | * |
|
| 100 | * @param $string, the untrusted string to escape. |
|