Terse output functions for effortless php templating.

1.0.3 2014-06-27 18:56 UTC


Motivated by the need to easily construct properly formatted php templates, the out library provides terse output functions for all HTML5 contexts: text, html, script, style and CDATA. It also ensures consistent character encoding by assuming UTF-8 will be used everywhere, and replacing (or removing) all invalid characters with the unicode replacement character, '�'.

Build Status



// blog post submitted by user
$userName  = '</script> I am an xss attacker';
$postTitle = 'I pwn you <script>pwn(home)</script>';
$postBody  = '<p>This html block <em>MUST</em> be well scrubbed or come from a trusted source.</p>';
$customCss = 'background:black;color:white;</style> XSS here';
$cdata     = 'Who uses this?';

<!DOCTYPE html>
  <title><?php out\text(sprintf(_('Blog post: %s'), $postTitle)) ?></title>
    <?php out\style($customCss) ?>
  <h1><?php out\text($postTitle) ?></h1>
  <div id="post-body">
    <?php out\html($postBody) ?>
    initApp(<?php out\script(json_encode($userName))) ?>)
  <![CDATA[<?php out\cdata($cdata) ?>]]>


Add to composer.json from packagist.

composer require tagged/out:*

The out library is included with the composer autoloader.

require 'vendor/autoload.php';


output functions

All output functions write directly to stdout.

Write html-escaped text with out\text

<h1>Hello <?php out\text($name) ?></h1>

<img src="<?php out\text($image_url) ?>">

Write raw html with out\html

<div id="content">
    <?php out\html($content_html) ?>

Write data into a script block with out\script

    var data = <?php out\script(json_encode($data)) ?>;

Write data into a style block with out\style

    <?php out\style($css) ?>

Write data into a cdata block with out\cdata

    <?php out\cdata($character_data) ?>

string functions

All string functions return the result as a string. Every output function has a corresponding string function.

$encodedName = out\stext($name);
$content     = out\shtml($content_html);
$scriptData  = out\sscript(json_encode($data));
$styleData   = out\sstyle($css);
$cdataData   = out\scdata($character_data);