Sceluswe /
XSS-Escaper
@@ -35,7 +35,7 @@ |
||
| 35 | 35 | |
| 36 | 36 | /** Returns the used charset for the esacpeHTML and escapeXML function. |
| 37 | 37 | * |
| 38 | - * @return the current charset as a string. |
|
| 38 | + * @return string current charset as a string. |
|
| 39 | 39 | */ |
| 40 | 40 | public function getEncoding() |
| 41 | 41 | { |
@@ -23,10 +23,10 @@ discard block |
||
| 23 | 23 | } |
| 24 | 24 | |
| 25 | 25 | /** Sets the used charset for the esacpeHTML and escapeXML function. |
| 26 | - * |
|
| 27 | - * @param $value, the string/value to escape. |
|
| 28 | - * |
|
| 29 | - */ |
|
| 26 | + * |
|
| 27 | + * @param $value, the string/value to escape. |
|
| 28 | + * |
|
| 29 | + */ |
|
| 30 | 30 | public function setEncoding($value) |
| 31 | 31 | { |
| 32 | 32 | $_SESSION['escaper_charset'] = strip_tags($value); |
@@ -34,20 +34,20 @@ discard block |
||
| 34 | 34 | } |
| 35 | 35 | |
| 36 | 36 | /** Returns the used charset for the esacpeHTML and escapeXML function. |
| 37 | - * |
|
| 38 | - * @return the current charset as a string. |
|
| 39 | - */ |
|
| 37 | + * |
|
| 38 | + * @return the current charset as a string. |
|
| 39 | + */ |
|
| 40 | 40 | public function getEncoding() |
| 41 | 41 | { |
| 42 | 42 | return $this->CHARSET; |
| 43 | 43 | } |
| 44 | 44 | |
| 45 | 45 | /** Escapes HTML string using htmlspecialchars(). |
| 46 | - * |
|
| 47 | - * @param $string, the untrusted string to escape. |
|
| 48 | - * |
|
| 49 | - * @return $result, escaped string. |
|
| 50 | - */ |
|
| 46 | + * |
|
| 47 | + * @param $string, the untrusted string to escape. |
|
| 48 | + * |
|
| 49 | + * @return $result, escaped string. |
|
| 50 | + */ |
|
| 51 | 51 | public function escapeHTML($value) |
| 52 | 52 | { |
| 53 | 53 | $result = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $this->CHARSET); |
@@ -57,11 +57,11 @@ discard block |
||
| 57 | 57 | } |
| 58 | 58 | |
| 59 | 59 | /** Escapes non-alphanumeric characters in an untrusted string for HTML attribute values. |
| 60 | - * |
|
| 61 | - * @param $string, the untrusted string to escape. |
|
| 62 | - * |
|
| 63 | - * @return $result, escaped string. |
|
| 64 | - */ |
|
| 60 | + * |
|
| 61 | + * @param $string, the untrusted string to escape. |
|
| 62 | + * |
|
| 63 | + * @return $result, escaped string. |
|
| 64 | + */ |
|
| 65 | 65 | public function escapeHTMLattr($value) |
| 66 | 66 | { |
| 67 | 67 | $result = preg_replace_callback("/[\W]/", function ($matches){ |
@@ -73,11 +73,11 @@ discard block |
||
| 73 | 73 | } |
| 74 | 74 | |
| 75 | 75 | /** Escapes non-alphanumeric characters in an untrusted string for JS input values. |
| 76 | - * |
|
| 77 | - * @param $string, the untrusted string to escape. |
|
| 78 | - * |
|
| 79 | - * @return $result, escaped string. |
|
| 80 | - */ |
|
| 76 | + * |
|
| 77 | + * @param $string, the untrusted string to escape. |
|
| 78 | + * |
|
| 79 | + * @return $result, escaped string. |
|
| 80 | + */ |
|
| 81 | 81 | public function escapeJs($value) |
| 82 | 82 | { |
| 83 | 83 | $result = preg_replace_callback("/[\W]/", function ($matches){ |
@@ -89,11 +89,11 @@ discard block |
||
| 89 | 89 | } |
| 90 | 90 | |
| 91 | 91 | /** Escapes non-alphanumeric characters in an untrusted string for CSS input values. |
| 92 | - * |
|
| 93 | - * @param $string, the untrusted string to escape. |
|
| 94 | - * |
|
| 95 | - * @return $result, escaped string. |
|
| 96 | - */ |
|
| 92 | + * |
|
| 93 | + * @param $string, the untrusted string to escape. |
|
| 94 | + * |
|
| 95 | + * @return $result, escaped string. |
|
| 96 | + */ |
|
| 97 | 97 | public function escapeCSS($value) |
| 98 | 98 | { |
| 99 | 99 | $result = preg_replace_callback("/[\W]/", function ($matches){ |
@@ -105,20 +105,20 @@ discard block |
||
| 105 | 105 | } |
| 106 | 106 | |
| 107 | 107 | /** Escapes data that is to be inserted in a URL not the whole URL itself. |
| 108 | - * |
|
| 109 | - * @param $string, the untrusted string to escape. |
|
| 110 | - * |
|
| 111 | - * @return, escaped string. |
|
| 112 | - */ |
|
| 108 | + * |
|
| 109 | + * @param $string, the untrusted string to escape. |
|
| 110 | + * |
|
| 111 | + * @return, escaped string. |
|
| 112 | + */ |
|
| 113 | 113 | public function escapeUrl($value) |
| 114 | 114 | { |
| 115 | 115 | return rawurlencode($value); |
| 116 | 116 | } |
| 117 | 117 | |
| 118 | 118 | /** |
| 119 | - * Aliases to HTML functions for semantic value. |
|
| 120 | - * XML escaping is identical to HTML escaping. |
|
| 121 | - */ |
|
| 119 | + * Aliases to HTML functions for semantic value. |
|
| 120 | + * XML escaping is identical to HTML escaping. |
|
| 121 | + */ |
|
| 122 | 122 | public function escapeXml($value) |
| 123 | 123 | { |
| 124 | 124 | return $this->escapeHTML($value); |
@@ -64,7 +64,7 @@ discard block |
||
| 64 | 64 | */ |
| 65 | 65 | public function escapeHTMLattr($value) |
| 66 | 66 | { |
| 67 | - $result = preg_replace_callback("/[\W]/", function ($matches){ |
|
| 67 | + $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 68 | 68 | return "&#x" . bin2hex($matches[0]) . ";"; |
| 69 | 69 | }, |
| 70 | 70 | $value); |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | */ |
| 81 | 81 | public function escapeJs($value) |
| 82 | 82 | { |
| 83 | - $result = preg_replace_callback("/[\W]/", function ($matches){ |
|
| 83 | + $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 84 | 84 | return "\\x" . bin2hex($matches[0]); |
| 85 | 85 | }, |
| 86 | 86 | $value); |
@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | */ |
| 97 | 97 | public function escapeCSS($value) |
| 98 | 98 | { |
| 99 | - $result = preg_replace_callback("/[\W]/", function ($matches){ |
|
| 99 | + $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 100 | 100 | return "\\" . bin2hex($matches[0]) . " "; |
| 101 | 101 | }, |
| 102 | 102 | $value); |
