Safer Blitz: Blitz template engine extension to escape values

Last updated: 2018-02-06
Version: safer-blitz 1.0
License: MIT/X Consortium
PHP version: 7
Categories: HTML, Templates, PHP 7
Description

This package is a Blitz template engine extension that escapes template values.

It provides extension classes that HTML-escape template values before they are written into a page.

Regular template values are HTML-encoded; values that are intentionally not escaped (already rendered HTML, such as the output of a child template inserted into a layout) can be passed verbatim to the template output by using the raw() template function.

Author: Victor Bolshov, Russian Federation

Details

safer-blitz

A small extension to the Blitz template engine, adding template inheritance and auto-escaping.

Template inheritance

article.tpl:

<article>text</article>

layout.tpl:

<header/>
{{ raw(content) }}
<footer/>

PHP code:

use SaferBlitz\View;

$view = new View("article.tpl");   // the child template
$view->extend("layout.tpl");       // wrap it in the layout; the rendered child becomes {{ raw(content) }}
echo $view->parse();

The output:

<header/>
<article>text</article>
<footer/>

Auto-escaping

Initialize view:

$view = new \SaferBlitz\View;

In template:

{{ $some_variable }}

In controller:

$view->set(["some_variable" => "some nasty XSS attempt: \"><script>alert(\"XSS\");</script>"]);
$view->display();

Result:

some nasty XSS attempt: &quot;&gt;&lt;script&gt;alert(&quot;XSS&quot;);&lt;/script&gt;

To output a variable unescaped, use the raw($var) template function:

{{ raw($trusted_variable) }}

If anyone appears to be interested in this project, I will probably add proper escape methods to escape attributes, CSS, JS. For now, this is out of my personal scope of use though.
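The following is an added example covering both the template inheritance and the auto-escaping sections above; it is not code from safer-blitz or its author. It is a self-contained PHP stand-in that reproduces the two behaviours without the Blitz PECL extension: {{ $var }} is escaped, {{ raw(var) }} is emitted verbatim, and a child template's finished HTML is passed into a layout as `content`. The functions escapeHtml(), render() and renderWithLayout() are hypothetical names, the templates and the payload are taken from the README, and the unquoted-attribute template at the end is a constructed input that illustrates the caveat about attribute, CSS and JS contexts.

```php
<?php
// Added example, not part of safer-blitz: a self-contained stand-in for the
// package's behaviour so the escaping and inheritance rules can be run without
// the Blitz PECL extension. escapeHtml(), render() and renderWithLayout() are
// hypothetical names; only the {{ $var }} / {{ raw(var) }} template syntax and
// the sample payload come from the README above.
declare(strict_types=1);

// HTML text-node and quoted-attribute escaping. ENT_QUOTES encodes both quote
// characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning '',
// which would silently drop the whole value.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Minimal placeholder renderer: {{ $name }} and {{ name }} are escaped,
// {{ raw($name) }} and {{ raw(name) }} are emitted verbatim. Blitz's block,
// include and callback syntax is deliberately not modelled here.
function render(string $template, array $vars): string
{
    $pattern = '/\{\{\s*(raw\()?\$?(\w+)\)?\s*\}\}/';
    return preg_replace_callback($pattern, static function (array $m) use ($vars): string {
        [, $rawCall, $name] = $m;
        // Unknown variables render as nothing rather than leaking the placeholder.
        $value = (string) ($vars[$name] ?? '');
        return $rawCall !== '' ? $value : escapeHtml($value);
    }, $template);
}

// Layout inheritance as described above: the child template is rendered first
// (its variables are escaped at that point), and the finished HTML is passed to
// the layout as `content`. The layout must use {{ raw(content) }}, otherwise
// the child's own markup would be entity-encoded a second time.
function renderWithLayout(string $childTemplate, string $layoutTemplate, array $vars): string
{
    $content = render($childTemplate, $vars);
    return render($layoutTemplate, array_merge($vars, ['content' => $content]));
}

// Templates are nowdoc strings so PHP does not interpolate `$body` itself.
$articleTpl = <<<'TPL'
<article>{{ $body }}</article>
TPL;

$layoutTpl = <<<'TPL'
<header/>
{{ raw(content) }}
<footer/>
TPL;

// Same payload as the README's example; it lands in an HTML text node.
$payload = 'some nasty XSS attempt: "><script>alert("XSS");</script>';
echo renderWithLayout($articleTpl, $layoutTpl, ['body' => $payload]), "\n";

// Caveat the README flags: the escaping targets HTML text. In an unquoted
// attribute the same function leaves spaces and '=' intact, so a value can
// still add an event handler. Quote every attribute, or use a context-specific
// encoder; {{ $var }} alone is not enough here. (Constructed input.)
$unquotedAttrTpl = <<<'TPL'
<div title={{ $title }}>hover me</div>
TPL;
echo render($unquotedAttrTpl, ['title' => 'x onmouseover=alert(1)']), "\n";
```

Running it prints the layout with the article line entity-encoded exactly as the README shows, because htmlspecialchars() with ENT_QUOTES turns `"`, `<` and `>` into `&quot;`, `&lt;` and `&gt;`. The second line shows the limitation: htmlspecialchars() does not touch spaces or `=`, so inside an unquoted attribute the value `x onmouseover=alert(1)` passes through unchanged and becomes a second attribute. The same applies to inline event handlers, script blocks and style declarations, which is why the author's note above treats attribute, CSS and JS escaping as separate, not yet provided, encoders.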

Files

composer.json                        Data    Auxiliary data
composer.lock                        Data    Auxiliary data
phpunit.xml                          Data    Auxiliary data
README.md                            Doc.    Documentation
src/SaferBlitz/StringContainer.php   Class   Class source
src/SaferBlitz/View.php              Class   Class source
test/bootstrap.php                   Aux.    Auxiliary script
test/ViewTest.php                    Class   Class source
test/resources/inc.tpl               Data    Auxiliary data
