
What does $this->escape() in Zend Framework actually do?

Developer https://www.devze.com 2022-12-14 19:54 Source: web
I need help in understanding the actual actions of a helper function in Zend Framework.

I need someone to explain to me what $this->escape($string) actually does to the string passed to it before printing the string into the template.


$this->escape() escapes a string according to settings you can provide with $this->setEscape('functionname'), by default it is PHP's htmlspecialchars function.

http://framework.zend.com/manual/en/zend.view.scripts.html


It calls the htmlspecialchars PHP function.

The translations performed are:

  • '&' (ampersand) becomes '&amp;'
  • '"' (double quote) becomes '&quot;'
  • '<' (less than) becomes '&lt;'
  • '>' (greater than) becomes '&gt;'
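The two answers above both come down to htmlspecialchars. The following is an added example (not code from the answers, nor from Zend Framework itself) that shows what $this->escape() amounts to with that default, using a stripped-down view object with the same setEscape()/escape() shape. The MiniView class, the escapeCompat/escapeQuotes helpers and the sample inputs are constructed for this illustration. One caveat a practitioner should know: htmlspecialchars with ENT_COMPAT (PHP's default before 8.1, and as far as I recall the flag Zend Framework 1's Zend_View_Abstract::escape() passes explicitly; check Zend/View/Abstract.php in your version) does not touch the single quote, so a value placed inside a single-quoted attribute can still break out.

```php
<?php
// Added example, not code from the answers above or from Zend Framework:
// what $this->escape() amounts to when the escape callback is left at its
// default, htmlspecialchars, and why the flags passed to it matter for XSS.

declare(strict_types=1);

// ENT_COMPAT: converts &, ", < and > but leaves the single quote alone.
// This was PHP's default before 8.1 and is (to my knowledge) what Zend
// Framework 1's Zend_View_Abstract::escape() passes explicitly.
function escapeCompat(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// ENT_QUOTES: additionally converts ' to &#039; (part of the PHP 8.1+ default).
function escapeQuotes(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// A stripped-down view object (constructed for this example) with the
// setEscape()/escape() shape the first answer describes: escape() just
// forwards the value to whatever callback is configured.
final class MiniView
{
    /** @var callable */
    private $escapeCallback;

    public function __construct(callable $cb) { $this->escapeCallback = $cb; }
    public function setEscape(callable $cb): void { $this->escapeCallback = $cb; }
    public function escape(string $var): string { return ($this->escapeCallback)($var); }
}

// A value can break out of an attribute only if its escaped form still
// contains the quote character that delimits that attribute.
function attributeIsSafe(MiniView $view, string $value, string $quote): bool
{
    return strpos($view->escape($value), $quote) === false;
}

// Constructed hostile inputs, one per output context; the second element is
// the attribute delimiter the value would be placed in (null = element text).
$samples = [
    'element text'    => ['<script>alert(1)</script>', null],
    'attr in "..."'   => ['" onmouseover="alert(1)', '"'],
    "attr in '...'"   => ["' onmouseover='alert(1)", "'"],
    'already escaped' => ['Tom &amp; Jerry', null],
];

$view = new MiniView('escapeCompat');
foreach (['escapeCompat', 'escapeQuotes'] as $callback) {
    $view->setEscape($callback);
    echo "== {$callback} ==\n";
    foreach ($samples as $label => [$raw, $quote]) {
        $verdict = $quote === null
            ? ''
            : (attributeIsSafe($view, $raw, $quote) ? '  [safe]' : '  [BREAKS OUT]');
        printf("%-16s %s%s\n", $label, $view->escape($raw), $verdict);
    }
    echo "\n";
}
```

Run it with php from the command line. Under escapeCompat the single-quoted attribute sample is reported as breaking out because the ' survives untouched, while under escapeQuotes it becomes &#039; and is safe. The "already escaped" sample also shows that htmlspecialchars double-encodes by default (Tom &amp; Jerry becomes Tom &amp;amp; Jerry), which is the reason to escape once, at output time, rather than storing pre-escaped data.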


Over at the PiKe project we build a custom stream wrapper that automatically escapes all view variables to be safe by default against XSS, with a MINIMAL performance hit! You can still get the RAW value with:

<?=~ $variable ?>

Notice the "~" character. Check out http://code.google.com/p/php-pike/wiki/Pike_View_Stream
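To make the idea in this answer concrete, here is an added example of a minimal auto-escaping view stream wrapper. It is not the PiKe project's code (its wrapper is at the link above); the class name AutoEscapeStream, the autoesc:// scheme, the rewrite rules and the template are all constructed here, and it assumes PHP 7.4 or later. Templates included through the wrapper have every <?= expr ?> rewritten to an htmlspecialchars()-wrapped echo, while <?=~ expr ?> is echoed raw, so the escaped path is the default and the raw path has to be asked for explicitly.

```php
<?php
// Added example, not the PiKe project's own code: a minimal auto-escaping
// view stream wrapper. Templates are included through "autoesc://<path>";
// every "<?= expr ?>" is rewritten to an htmlspecialchars()-wrapped echo,
// while "<?=~ expr ?>" is echoed raw.

declare(strict_types=1);

final class AutoEscapeStream
{
    public const SCHEME = 'autoesc://';

    private string $data = '';
    private int $pos = 0;
    /** @var array|false */
    private $stat = false;

    // Rewrite the template source. Raw tags are handled first so that the
    // generic rule below never sees them.
    public static function rewrite(string $src): string
    {
        $src = preg_replace_callback(
            '/<\?=~\s*(.*?)\s*;?\s*\?>/s',
            fn(array $m): string => '<?php echo ' . $m[1] . '; ?>',
            $src
        );
        return preg_replace_callback(
            '/<\?=\s*(.*?)\s*;?\s*\?>/s',
            fn(array $m): string => '<?php echo htmlspecialchars((string) ('
                . $m[1] . "), ENT_QUOTES, 'UTF-8'); ?>",
            $src
        );
    }

    public function stream_open($path, $mode, $options, &$openedPath): bool
    {
        $file = substr($path, strlen(self::SCHEME));
        $src  = @file_get_contents($file);
        if ($src === false) {
            return false;
        }
        $this->data = self::rewrite($src);
        $this->pos  = 0;
        // include() trusts the size reported by stream_stat() and reads only
        // that many bytes, so report the size of the rewritten source rather
        // than the size of the file on disk (the rewrite makes it longer).
        $st = stat($file);
        $st['size'] = $st[7] = strlen($this->data);
        $this->stat = $st;
        return true;
    }

    public function stream_read($count): string
    {
        $chunk = substr($this->data, $this->pos, $count);
        $this->pos += strlen($chunk);
        return $chunk;
    }

    public function stream_eof(): bool   { return $this->pos >= strlen($this->data); }
    public function stream_tell(): int   { return $this->pos; }
    public function stream_stat()        { return $this->stat; }
    public function stream_close(): void {}

    // PHP asks to disable read buffering when including; declining is fine.
    public function stream_set_option($option, $arg1, $arg2): bool { return false; }

    public function url_stat($path, $flags)
    {
        return @stat(substr($path, strlen(self::SCHEME)));
    }
}

stream_wrapper_register('autoesc', AutoEscapeStream::class)
    or die("could not register the autoesc wrapper\n");

// Constructed template, written to a temp file so the example runs offline.
$tpl = tempnam(sys_get_temp_dir(), 'tpl');
file_put_contents(
    $tpl,
    "<p>Hello, <?= \$name ?></p>\n<div><?=~ \$trustedHtml ?></div>\n"
);

$name        = '<img src=x onerror=alert(1)>';      // constructed hostile input
$trustedHtml = '<em>markup already sanitised</em>'; // deliberately emitted raw

include AutoEscapeStream::SCHEME . $tpl;
unlink($tpl);
```

Running this prints the paragraph with the hostile value neutralised as &lt;img src=x onerror=alert(1)&gt; and the div with the trusted markup intact. The stat-size detail in stream_open() matters: if the wrapper reports the original file size, the include stops reading before the end of the longer rewritten source and the template is silently truncated.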
