Skip to content

Commit

Permalink
Merge pull request #2 from jakubboucek/jb-noescape
Browse files Browse the repository at this point in the history
Add unescape()
  • Loading branch information
jakubboucek authored Sep 11, 2021
2 parents 88f13a8 + 1ec0da2 commit 39af2c5
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/code_analysis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
strategy:
fail-fast: false
matrix:
php: ['7.3', '7.4', '8.0']
php: ['7.3', '7.4', '8.0', '8.1']
actions:
- name: PHPStan
run: composer phpstan
Expand Down
9 changes: 9 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,15 @@ echo '<style>color: ' . \JakubBoucek\Escape\EscapeCss::color($cssColor) . ';</st
It's prevent attact by escaping color value context.
## Output without any escaping
In some cases you intentionally want to output variable without any escaping, but somebody other or your future self may
mistakenly believe you forgot to escape it. Here you can use `noescape()` method to mark code as intentionally unescaped.
```php
echo \JakubBoucek\Escape\Escape::noescape($htmlContent);
```
## FAQ
### Is it support for escaping SQL query?
Expand Down
11 changes: 11 additions & 0 deletions src/Escape.php
Original file line number Diff line number Diff line change
Expand Up @@ -100,4 +100,15 @@ public static function url($url): string
{
return urlencode((string)$url);
}

/**
* Just returns argument as is without any escaping
* Method is useful to mark code as intentionally unescaped as opposed to simple neglected
* @param string|mixed $url
* @return string
*/
public static function noescape($url): string
{
return (string)$url;
}
}

0 comments on commit 39af2c5

Please sign in to comment.