e_parse::toAttributes(): New API to concatenate HTML attributes

Browse Source

`e_parse::toAttributes()` is an expansion of the formerly private method
`e_form::attributes()`. Now, all client code can use
`e_parse::toAttributes()` to make it easy to concatenate variable-length
HTML attributes. Values are guaranteed to be encoded so that they cannot
escape an HTML attribute value.

All client code usages are encouraged to build HTML tags with this new
method to prevent cross-site scripting (XSS) attacks and prevent
breaking the HTML validity due to improperly escaped HTML attributes.

This new method is an extension to `e_parse::toAttribute()`, which
escaped one single HTML attribute value.

...

This commit is contained in:

Nick Liu

2022-02-06 16:49:56 +01:00

parent 2097778cc5

commit 169efa09b9

3 changed files with 3220 additions and 3088 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1424

e107_handlers/e_parse_class.php

File diff suppressed because it is too large Load Diff