Perforce Chronicle 2012.2/486814
API Documentation
View helper for escaping untrusted data before inserting it into JavaScript data values.
Public Member Functions
    escapeJs ($value)
        Returns an escaped value that can be safely inserted into a JavaScript data value.
Protected Member Functions
    _format ($ordinalValue)
        Converts the character represented by its ordinal value into \xHH if the ordinal value is less than 256, or into \uHHHH if the ordinal value is greater than 255.
Protected Attributes
    $_safeChars = array(',', '.', '_')
View helper for escaping untrusted data before inserting it into JavaScript data values.
P4Cms_View_Helper_EscapeJs::_format ( $ordinalValue ) [protected]
Converts the character represented by its ordinal value into \xHH if the ordinal value is less than 256, or into \uHHHH if the ordinal value is greater than 255.
| int | $ordinalValue | Ordinal value to format. |
Reimplemented from P4Cms_View_Helper_EscapeAbstract.
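    {
        // Upper-case hex digits of the character's ordinal value.
        $hex = strtoupper(dechex($ordinalValue));
        if ($ordinalValue < 256) {
            // Values below 256 use the two-digit \xHH form.
            $padLength = 2;
            $prefix = "\\x";
        } else {
            // Larger values use the \uHHHH form.
            $padLength = 4;
            $prefix = "\\u";
        }
        // Left-pad with zeros to the minimum width for the chosen form.
        return $prefix . str_pad($hex, $padLength, "0", STR_PAD_LEFT);
    }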
P4Cms_View_Helper_EscapeJs::escapeJs ( $value )
Returns an escaped value that can be safely inserted into a JavaScript data value.
Untrusted data should be escaped before being inserted into HTML JavaScript data values:
    <script>alert('...ESCAPE_JS...')</script>      inside a quoted string
    <script>x='...ESCAPE_JS...'</script>           one side of a quoted expression
    <div onmouseover="x='...ESCAPE_JS...'"         inside quoted event handler
| string | $value | Value to escape. |
    {
        // Delegates to _encode(), which is not defined in this class.
        return $this->_encode($value);
    }
P4Cms_View_Helper_EscapeJs::$_safeChars = array(',', '.', '_') [protected]
Reimplemented from P4Cms_View_Helper_EscapeAbstract.
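An added example (not Chronicle's own code) that applies the \xHH / \uHHHH rule documented above to a whole string placed inside a quoted JavaScript value. The loop stands in for the inherited _encode(), which this page does not show, so its allow-list of ASCII alphanumerics plus $_safeChars is an assumption; format_ordinal and escape_js_sketch are hypothetical names, and the surrogate-pair handling for code points above 0xFFFF goes beyond what the page documents. Requires PHP 7.2+ with mbstring.

```php
<?php
// Added illustration, not Chronicle source code.

// Same rule as the _format() body above: \xHH below 256, \uHHHH otherwise.
function format_ordinal(int $ord): string
{
    $hex = strtoupper(dechex($ord));
    return $ord < 256
        ? "\\x" . str_pad($hex, 2, "0", STR_PAD_LEFT)
        : "\\u" . str_pad($hex, 4, "0", STR_PAD_LEFT);
}

// ASSUMPTION: stand-in for the inherited _encode(), which this page does not show.
function escape_js_sketch(string $value, array $safeChars = [',', '.', '_']): string
{
    // Split on UTF-8 code points; preg_split() returns false on invalid UTF-8.
    $chars = preg_split('//u', $value, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false) {
        throw new InvalidArgumentException('Value is not valid UTF-8.');
    }
    $out = '';
    foreach ($chars as $char) {
        if (preg_match('/^[A-Za-z0-9]$/', $char) || in_array($char, $safeChars, true)) {
            $out .= $char; // allow-listed, emitted as-is
            continue;
        }
        $ord = mb_ord($char, 'UTF-8');
        if ($ord > 0xFFFF) {
            // Beyond the page: \uHHHH holds four hex digits, so split into surrogates.
            $ord -= 0x10000;
            $out .= format_ordinal(0xD800 + ($ord >> 10))
                  . format_ordinal(0xDC00 + ($ord & 0x3FF));
        } else {
            $out .= format_ordinal($ord);
        }
    }
    return $out;
}

// Constructed sample input: quote, closing tag, newline, non-ASCII, astral character.
$untrusted = "O'Neil</script>\n\u{00E9}\u{1F600}";
echo "<script>var name='" . escape_js_sketch($untrusted) . "';</script>\n";
```

The printed line keeps the sample value inside the single-quoted string: the quote, angle brackets, slash and newline all appear only as escape sequences, so none of them can end the string or the script element.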