Sceluswe /
XSS-Escaper
@@ -64,7 +64,7 @@ discard block |
||
| 64 | 64 | */ |
| 65 | 65 | public function escapeHTMLattr($value) |
| 66 | 66 | { |
| 67 | - $result = preg_replace_callback("/[\W]/", function ($matches){ |
|
| 67 | + $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 68 | 68 | return "&#x" . bin2hex($matches[0]) . ";"; |
| 69 | 69 | }, |
| 70 | 70 | $value); |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | */ |
| 81 | 81 | public function escapeJs($value) |
| 82 | 82 | { |
| 83 | - $result = preg_replace_callback("/[\W]/", function ($matches){ |
|
| 83 | + $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 84 | 84 | return "\\x" . bin2hex($matches[0]); |
| 85 | 85 | }, |
| 86 | 86 | $value); |
@@ -96,7 +96,7 @@ discard block |
||
| 96 | 96 | */ |
| 97 | 97 | public function escapeCSS($value) |
| 98 | 98 | { |
| 99 | - $result = preg_replace_callback("/[\W]/", function ($matches){ |
|
| 99 | + $result = preg_replace_callback("/[\W]/", function($matches) { |
|
| 100 | 100 | return "\\" . bin2hex($matches[0]) . " "; |
| 101 | 101 | }, |
| 102 | 102 | $value); |
@@ -25,6 +25,7 @@ discard block |
||
| 25 | 25 | /** Sets the used charset for the esacpeHTML and escapeXML function. |
| 26 | 26 | * |
| 27 | 27 | * @param $value, the string/value to escape. |
| 28 | + * @param string $value |
|
| 28 | 29 | * |
| 29 | 30 | */ |
| 30 | 31 | public function setEncoding($value) |
@@ -35,7 +36,7 @@ discard block |
||
| 35 | 36 | |
| 36 | 37 | /** Returns the used charset for the esacpeHTML and escapeXML function. |
| 37 | 38 | * |
| 38 | - * @return the current charset as a string. |
|
| 39 | + * @return string current charset as a string. |
|
| 39 | 40 | */ |
| 40 | 41 | public function getEncoding() |
| 41 | 42 | { |
@@ -75,6 +76,7 @@ discard block |
||
| 75 | 76 | /** Escapes non-alphanumeric characters in an untrusted string for JS input values. |
| 76 | 77 | * |
| 77 | 78 | * @param $string, the untrusted string to escape. |
| 79 | + * @param string $value |
|
| 78 | 80 | * |
| 79 | 81 | * @return $result, escaped string. |
| 80 | 82 | */ |
@@ -91,6 +93,7 @@ discard block |
||
| 91 | 93 | /** Escapes non-alphanumeric characters in an untrusted string for CSS input values. |
| 92 | 94 | * |
| 93 | 95 | * @param $string, the untrusted string to escape. |
| 96 | + * @param string $value |
|
| 94 | 97 | * |
| 95 | 98 | * @return $result, escaped string. |
| 96 | 99 | */ |
@@ -107,6 +110,7 @@ discard block |
||
| 107 | 110 | /** Escapes data that is to be inserted in a URL not the whole URL itself. |
| 108 | 111 | * |
| 109 | 112 | * @param $string, the untrusted string to escape. |
| 113 | + * @param string $value |
|
| 110 | 114 | * |
| 111 | 115 | * @return, escaped string. |
| 112 | 116 | */ |
@@ -118,12 +122,16 @@ discard block |
||
| 118 | 122 | /** |
| 119 | 123 | * Aliases to HTML functions for semantic value. |
| 120 | 124 | * XML escaping is identical to HTML escaping. |
| 125 | + * @param string $value |
|
| 121 | 126 | */ |
| 122 | 127 | public function escapeXml($value) |
| 123 | 128 | { |
| 124 | 129 | return $this->escapeHTML($value); |
| 125 | 130 | } |
| 126 | 131 | |
| 132 | + /** |
|
| 133 | + * @param string $value |
|
| 134 | + */ |
|
| 127 | 135 | public function escapeXmlAttr($value) |
| 128 | 136 | { |
| 129 | 137 | return $this->escapeHTMLattr($value); |
@@ -11,7 +11,7 @@ |
||
| 11 | 11 | * @param string $class The fully-qualified class name. |
| 12 | 12 | * @return void |
| 13 | 13 | */ |
| 14 | -spl_autoload_register(function ($class) { |
|
| 14 | +spl_autoload_register(function($class) { |
|
| 15 | 15 | |
| 16 | 16 | // project-specific namespace prefix |
| 17 | 17 | //$prefix = 'Foo\\Bar\\'; |
