entermotion/eurl

This package aims to deliver a good set of functions to easily escape URLs that will be used on HTML

Maintainers

Details

github.com/entermotion/eurl

Source

Issues

Installs: 7 015

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 10

Forks: 1

Open Issues: 5

dev-master 2022-05-16 17:50 UTC

Requires

  • php: >=7.0

Requires (Dev)

MIT 069b6f19bdde9a99fece83ff34bdc7a5d88461b2

  • Gabriel Felipe <email.woop@gabrielfelipe.com>

This package is not auto-updated.

Last update: 2024-10-01 12:11:32 UTC

README

This package aims to deliver a good way to easily escape URLs that will be used on HTML attributes.

You should not use this package to generate URLs, ideally the URLs received here would already be escaped and safe. This project doesn't aim to encode your URL and make it browser compatible.

Goals:

  • Prevent XSS attacks
  • Avoid at maximum changing and therefore possibly break the URLs

Usage:

use eURL\Functions as eurl

$userInput = $_POST['href'];
$href = eurl\e($userInput);
$safeATag = "<a href='".$href."'>".htmlspecialchars($href)."</a>";
echo $safeATag;

Running tests:

To run the tests you must install the composer dependencies and then run:

vendor/bin/phpunit tests/TestUrls.php

Running tests with Docker:

  • Run container: docker-compose -f docker-compose_php81.yml run php sh
  • Change directory: cd /var/www/html
  • Install dependencies: composer install
  • Run tests: vendor/bin/phpunit tests/TestUrls.php