  Classes of Victor Bolshov  >  Safer Blitz  >  >  Download  
Role: Documentation
Content type: text/markdown
Description: Documentation
Class: Safer Blitz
Blitz template engine extension to escape values
Author: Victor Bolshov
Last change: Added template inheritance; improvements.

Added View->extend() for template inheritance. Improved README.
Added phpunit as a dev dependency (composer); improved phpunit setup;
Date: 4 years ago
Size: 1,129 bytes




A small extension to Blitz template engine, adding template inheritance and auto-escaping.

Template inheritance




{{ raw(content) }}

PHP code:

$view = new View("article.tpl");
echo $view->parse();

The output:



Auto-escaping

Initialize view:

$view = new \SaferBlitz\View;

In template:

{{ $some_variable }}

In controller:

$view->set(["some_variable" => "some nasty XSS attempt: \"><script>alert(\"XSS\");</script>"]);


The output:

some nasty XSS attempt: &quot;&gt;&lt;script&gt;alert(&quot;XSS&quot;);&lt;/script&gt;

To output a variable unescaped, use the _raw($var)_ template API:

{{ raw($trusted_variable) }}

If anyone appears to be interested in this project, I will probably add proper escape methods to escape attributes, CSS, JS. For now, this is out of my personal scope of use though.
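
The escape-by-default behaviour above, and the limit the closing note points at (attribute, CSS and JS contexts), as an added PHP example that is not SaferBlitz or Blitz code. `render()` is a hypothetical stand-in built on `htmlspecialchars()`, and every sample value other than the README's payload is constructed.

```php
<?php
declare(strict_types=1);

// Stand-in renderer, NOT Blitz or SaferBlitz code. It only mimics the behaviour the
// README describes: {{ $name }} is HTML-escaped, {{ raw($name) }} is emitted as-is.
function render(string $template, array $vars): string
{
    $pattern = '/\{\{\s*(?:raw\(\s*\$(\w+)\s*\)|\$(\w+))\s*\}\}/';
    return preg_replace_callback($pattern, function (array $m) use ($vars): string {
        if ($m[1] !== '') {
            // raw($name): the template author vouches for this value.
            return (string) ($vars[$m[1]] ?? '');
        }
        // ENT_QUOTES encodes ' as well as "; ENT_SUBSTITUTE keeps invalid UTF-8
        // from turning the whole value into an empty string.
        $value = (string) ($vars[$m[2]] ?? '');
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }, $template) ?? $template;
}

// 1. HTML body context: the payload from the README is rendered as inert text.
$payload = 'some nasty XSS attempt: "><script>alert("XSS");</script>';
echo render('<p>{{ $v }}</p>', ['v' => $payload]), PHP_EOL;

// 2. raw() bypasses escaping, so it is only for markup the application built itself.
echo render('<p>{{ raw($v) }}</p>', ['v' => '<em>trusted markup</em>']), PHP_EOL;

// 3. Attribute context. This constructed value contains no HTML metacharacters,
//    so escaping returns it unchanged; only the quotes in the template keep it
//    inside the attribute.
$value = 'x data-injected=1';
echo render('<input value="{{ $v }}">', ['v' => $value]), PHP_EOL; // one attribute
echo render('<input value={{ $v }}>', ['v' => $value]), PHP_EOL;   // parsed as two

// 4. A quote in the value cannot close a quoted attribute, because it is encoded.
echo render('<input value="{{ $v }}">', ['v' => 'x" data-injected="1']), PHP_EOL;
```

When reviewing templates that rely on this kind of auto-escaping, check that every attribute carrying a variable is quoted and that no variable lands inside a `<script>` or `<style>` block or an event-handler attribute, since HTML entity encoding does not protect those contexts.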
