WarpConduit Computing


Escape HTML Function for Browser Output Prevents XSS (Cross-Site Scripting)

April 20, 2013 by Josh Hartman

I don’t know about you, but my fingers get tired of escaping output by typing the long-winded htmlspecialchars($str, ENT_QUOTES, 'UTF-8'); over and over again in small PHP projects that don’t need a full-blown framework with automatic output filtering (e.g. CodeIgniter). No matter how small your project is, though, escaping your output is extremely important: it prevents malicious users from getting their own JavaScript to execute in your pages through XSS (Cross-Site Scripting).

So I decided to give my fingers some relief and finally write a short little helper function and share it. See the code and example in the gist below.
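
A wrapper of the kind described above, as an added example rather than the author's gist. The function name esc(), the sample inputs and the extra ENT_SUBSTITUTE flag are assumptions made here, and the last lines show why the ENT_QUOTES flag in the call matters.

```php
<?php
// Added example, not the gist from the original post. esc() is a hypothetical name.

/**
 * Escape a scalar (or null) for output as HTML element content
 * or inside a quoted attribute value.
 */
function esc($value): string
{
    // ENT_QUOTES escapes both " and ', so the result is safe in either quote style.
    // ENT_SUBSTITUTE is an addition to the call quoted in the post: it replaces
    // invalid UTF-8 sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for untrusted user data.
$comment = '<script>alert(1)</script>';
$name    = "x' onfocus='alert(1)";

// Element content: the angle brackets are turned into entities,
// so the browser renders the text instead of parsing a tag.
echo '<p>' . esc($comment) . "</p>\n";

// Single-quoted attribute: the quote inside $name is turned into an entity,
// so the whole string stays inside the value attribute.
echo "<input type='text' value='" . esc($name) . "'>\n";

// For comparison: with ENT_COMPAT only double quotes are escaped. The single
// quote in $name survives, closes the attribute early, and the rest of the
// input is parsed as a new attribute. This is the case ENT_QUOTES prevents.
echo "<input type='text' value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>\n";
```

This escaping covers element content and quoted attribute values only. Values written into a script block, a URL attribute or an unquoted attribute need encoding specific to that context.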

Filed Under: Web Design & Development Tagged With: escape, function, helper, html, htmlspecialchars, output, php, xss
