crocodile2u / safer-blitz
There is no license information available for the latest version (1.1.1) of this package.
1.1.1
2018-02-01 14:59 UTC
Requires
- ext-blitz: *
Requires (Dev)
- phpunit/phpunit: ^6.5
This package is auto-updated.
Last update: 2024-11-14 23:12:06 UTC
README
A small extension to the Blitz template engine, adding template inheritance and auto-escaping.
Template inheritance
article.tpl:
<article>text</article>
layout.tpl:
<header/> {{ raw(content) }} <footer/>
PHP code:
$view = new View("article.tpl"); $view->extend("layout.tpl"); echo $view->parse();
The output:
<header/> <article>text</article> <footer/>
Auto-escaping
Initialize view:
$view = new \SaferBlitz\View;
In template:
{{ $some_variable }}
In controller:
$view->set(["some_variable" => "some nasty XSS attempt: \"><script>alert(\"XSS\");</script>"]); $view->display();
Result:
some nasty XSS attempt: "><script>alert("XSS");</script>
To output a variable unescaped, use the raw($var) template API:
{{ raw($trusted_variable) }}
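As an added example (not code from the safer-blitz package), a PHPUnit regression test that pins down the two behaviours described above: {{ $var }} is HTML-escaped by default and raw($var) passes a trusted value through. It assumes that \SaferBlitz\View accepts a template file path in its constructor (as in the inheritance example), that parse() returns the rendered string, and that an absolute path is accepted as the template name.

```php
<?php
// Added example, not part of the safer-blitz project.
// Assumptions: View accepts a template path in its constructor, parse()
// returns the rendered string, and an absolute path is a valid template name.
use PHPUnit\Framework\TestCase;
use SaferBlitz\View;

final class AutoEscapeTest extends TestCase
{
    // Constructed sample input, the same payload the README uses.
    private const PAYLOAD = 'some nasty XSS attempt: "><script>alert("XSS");</script>';

    private function render(string $template, array $vars): string
    {
        // Write the template to a temporary file so the test is self-contained.
        $path = tempnam(sys_get_temp_dir(), 'tpl');
        file_put_contents($path, $template);
        try {
            $view = new View($path);
            $view->set($vars);
            return $view->parse();
        } finally {
            unlink($path);
        }
    }

    public function testVariablesAreEscapedByDefault(): void
    {
        $out = $this->render('{{ $v }}', ['v' => self::PAYLOAD]);
        // The string forms of assertContains/assertNotContains are what the
        // phpunit ^6.5 dev requirement provides.
        // No executable markup survives; the angle brackets became entities.
        $this->assertNotContains('<script>', $out);
        $this->assertContains('&lt;script&gt;', $out);
        // Note: this covers HTML body context only. Attribute, CSS and JS
        // contexts need their own escaping, which the README says is not yet provided.
    }

    public function testRawPassesTrustedValueThrough(): void
    {
        $out = $this->render('{{ raw($v) }}', ['v' => '<em>trusted</em>']);
        // raw() is the deliberate bypass: markup reaches the output unchanged,
        // so only values you fully control belong in it.
        $this->assertSame('<em>trusted</em>', $out);
    }
}
```

Run it with the package's dev dependency (vendor/bin/phpunit) in an environment where ext-blitz is loaded; the second test documents the unescaped path so a future change to raw() cannot silently start escaping or stop escaping the wrong thing.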
If anyone appears to be interested in this project, I will probably add proper escape methods to escape attributes, CSS, JS. For now, this is out of my personal scope of use though.