crocodile2u / safer-blitz
Installs: 13
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
pkg:composer/crocodile2u/safer-blitz
Requires
- ext-blitz: *
Requires (Dev)
- phpunit/phpunit: ^6.5
This package is auto-updated.
Last update: 2025-09-15 00:45:27 UTC
README
A small extension to the Blitz template engine, adding template inheritance and auto-escaping.
Template inheritance
article.tpl:
<article>text</article>
layout.tpl:
<header/> {{ raw(content) }} <footer/>
PHP code:
$view = new View("article.tpl");
$view->extend("layout.tpl");
echo $view->parse();
The output:
<header/> <article>text</article> <footer/>
Auto-escaping
Initialize view:
$view = new \SaferBlitz\View;
In template:
{{ $some_variable }}
In controller:
$view->set(["some_variable" => "some nasty XSS attempt: \"><script>alert(\"XSS\");</script>"]);
$view->display();
Result, as displayed by the browser (the value is escaped on output, so the script tag appears as text):
some nasty XSS attempt: "><script>alert("XSS");</script>
To output a variable unescaped, use the raw($var) template API:
{{ raw($trusted_variable) }}
If anyone appears to be interested in this project, I will probably add proper escape methods to escape attributes, CSS, JS. For now, this is out of my personal scope of use though.
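The auto-escaping above targets HTML text, and the README names attributes, CSS and JS as contexts it does not cover. The following is an added example, not code from safer-blitz: one way to encode a value for those three contexts in plain PHP. All function names are hypothetical, and PHP 7.4+ with mbstring is assumed.

```php
<?php
declare(strict_types=1);

// Added example, not part of safer-blitz. Function names are hypothetical.
// Requires PHP 7.4+ with mbstring (assumption; the page states neither).

/** Replace every non-alphanumeric character using a sprintf() format. */
function encode_non_alnum(string $s, string $format): string
{
    $out = preg_replace_callback(
        '/[^A-Za-z0-9]/u',
        static fn(array $m): string => sprintf($format, mb_ord($m[0], 'UTF-8')),
        $s
    );
    if ($out === null) {               // preg with /u fails on invalid UTF-8
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    return $out;
}

/** HTML attribute value: &#xHH; entities, safe in quoted or unquoted attributes. */
function esc_attr(string $s): string
{
    return encode_non_alnum($s, '&#x%X;');
}

/** CSS string or identifier: backslash-hex escapes terminated by a space. */
function esc_css(string $s): string
{
    return encode_non_alnum($s, '\\%X ');
}

/** JavaScript literal inside an inline <script> block. */
function esc_js($value): string
{
    // JSON_HEX_* emits <, >, &, ' and " as \uXXXX, so the literal can neither
    // end the string nor close the surrounding <script> element.
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Constructed demo: the README's payload placed in each context.
$payload = '"><script>alert("XSS");</script>';
echo '<input value=', esc_attr($payload), ">\n";
echo '<p style="font-family: \'', esc_css($payload), "'\">text</p>\n";
echo '<script>var s = ', esc_js($payload), ";</script>\n";
```

esc_attr covers ordinary value attributes only; it does not make href/src or on* event-handler attributes safe, which need their own validation. In an auto-escaping view, a value encoded this way would have to be emitted through raw($var), since escaping it a second time would corrupt the entities.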