tagged/out

Terse output functions for effortless php templating.

1.0.3 2014-06-27 18:56 UTC

This package is not auto-updated.

Last update: 2024-12-17 02:49:03 UTC


README

Motivated by the need to easily construct properly formatted php templates, the out library provides terse output functions for all HTML5 contexts: text, html, script, style and CDATA. It also ensures consistent character encoding by assuming UTF-8 will be used everywhere, and replacing (or removing) all invalid characters with the unicode replacement character, '�'.

Build Status

example

<?php

// blog post submitted by user
$userName  = '</script> I am an xss attacker';
$postTitle = 'I pwn you <script>pwn(home)</script>';
$postBody  = '<p>This html block <em>MUST</em> be well scrubbed or come from a trusted source.</p>';
$customCss = 'background:black;color:white;</style> XSS here';
$cdata     = 'Who uses this?';

?>
<!DOCTYPE html>
<html>
<head>
  <title><?php out\text(sprintf(_('Blog post: %s'), $postTitle)) ?></title>
  <style>
    <?php out\style($customCss) ?>
  </style>
</head>
<body>
  <h1><?php out\text($postTitle) ?></h1>
  <div id="post-body">
    <?php out\html($postBody) ?>
  </div>
  <script>
    initApp(<?php out\script(json_encode($userName))) ?>)
  </script>
  <![CDATA[<?php out\cdata($cdata) ?>]]>
</body>
</html>

install

Add to composer.json from packagist.

composer require tagged/out:*

The out library is included with the composer autoloader.

require 'vendor/autoload.php';

usage

output functions

All output functions write directly to stdout.

Write html-escaped text with out\text

<h1>Hello <?php out\text($name) ?></h1>

<img src="<?php out\text($image_url) ?>">

Write raw html with out\html

<div id="content">
    <?php out\html($content_html) ?>
</div>

Write data into a script block with out\script

<script>
    var data = <?php out\script(json_encode($data)) ?>;
</script>

Write data into a style block with out\style

<style>
    <?php out\style($css) ?>
</style>

Write data into a cdata block with out\cdata

<![CDATA[
    <?php out\cdata($character_data) ?>
]]>

string functions

All string functions return the result as a string. Every output function has a corresponding string function.

$encodedName = out\stext($name);
$content     = out\shtml($content_html);
$scriptData  = out\sscript(json_encode($data));
$styleData   = out\sstyle($css);
$cdataData   = out\scdata($character_data);

test

phpunit