Example 4 - Making it safe
PbTpl is a tool designed to make simple find-and-replace templating easy.
It is not limited to HTML strings; it is meant for text files of all kinds.
Nesting templates is, of course, a normal use case. For this reason there is no automatic escaping of strings inserted into a template: the engine cannot tell whether a value is trusted markup produced by another template or untrusted input.
In many cases the passed parameters must therefore be transformed before or during the transfer, and every value that originates from untrusted input must be escaped explicitly before it is inserted.
The class PbClasses\Util\Filter serves this purpose, for example to prevent HTML code (and with it script) from being injected into the output. Note that HTML escaping of this kind protects element content and double-quoted attribute values; a value placed inside a <script> block, a URL or a CSS rule needs context-specific encoding instead.
Bad values (inserted raw, so the browser interprets the markup)
- abdde
- Bold HTML, that we don't want to see
(The third entry, the script tag, shows no visible text: the browser executes it instead of displaying it.)
Secured values
- abdde
- <b>Bold HTML</b>, that we don't want to see
- <script>alert("Hello")</script>
Secured values and Capitalization
Further manipulation with the Filter class
- ABDDE
- <B>BOLD HTML</B>, THAT WE DON'T WANT TO SEE
- <SCRIPT>ALERT("HELLO")</SCRIPT>
PHP-Code
<?php
use PbClasses\PbTpl;
use PbClasses\Util\Filter;

try {
    $c = new PbTpl('./templates/content_04.tpl');

    // Constructed input that stands in for untrusted data (user input, database content, ...)
    $myList = [
        'abdde',
        "<b>Bold HTML</b>, that we don't want to see",
        '<script>alert("Hello")</script>'
    ];

    $seRe = [
        // Deliberately unfiltered: the values end up in the output verbatim
        'bad_list' => $c->fillRowTpl('list_item', 'entry', $myList),

        // Signature of the filter used below:
        // public static function numericArr($arr, $filters = 'SPECIAL_CHARS') {
        // The default filter SPECIAL_CHARS escapes HTML special characters, so the
        // values are displayed as text and no longer interpreted as markup
        'secured_list' => $c->fillRowTpl('list_item', 'entry', Filter::numericArr($myList)),

        // Several filters can be combined in one comma-separated list
        'secured_uppercase_list' => $c->fillRowTpl('list_item', 'entry', Filter::numericArr($myList, 'SPECIAL_CHARS,STRTOUPPER')),
    ];

    // The filled rows are already trusted markup and are nested into 'content' without further escaping.
    // This file is meant to be included; the caller receives the finished output.
    return $c->fillTpl('content', $seRe);
} catch (\Exception $exc) {
    echo $exc->getMessage();
    exit;
}
Template-Code
[content]
<h2>Bad values</h2>
<ul>
{BAD_LIST}
</ul>
<h2>Secured values</h2>
<ul>
{SECURED_LIST}
</ul>
<h2>Secured values and Capitalization</h2>
<p>Further manipulation with the Filter class</p>
<ul>
{SECURED_UPPERCASE_LIST}
</ul>
###########
[list_item]
<li>{ENTRY}</li>
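The following is an added, self-contained example and not PbTpl or PbClasses code: a minimal stand-in for the find-replace pattern used above, written to show why a value must be escaped exactly once, at the trust boundary, when the engine itself never escapes. The names fill(), fillRows() and escapeHtml() are hypothetical; escapeHtml() is assumed to do what the SPECIAL_CHARS filter does (htmlspecialchars() with ENT_QUOTES). It goes slightly beyond the page by also covering an attribute context, the order of escaping and uppercasing, and a check that nesting the filled rows does not escape them twice. The sample strings are constructed; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Added example, not PbTpl/PbClasses code. escapeHtml() is an assumption about
// what Filter's SPECIAL_CHARS filter does; fill()/fillRows() are hypothetical
// stand-ins for fillTpl()/fillRowTpl() that replace placeholders verbatim.

/** Escape for HTML element content and quoted attribute values. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Replace {NAME} placeholders with the given values; no escaping at all. */
function fill(string $template, array $values): string
{
    foreach ($values as $name => $value) {
        $template = str_replace('{' . strtoupper($name) . '}', $value, $template);
    }
    return $template;
}

/** Fill a row template once per item and concatenate the rows. */
function fillRows(string $rowTemplate, string $name, array $items): string
{
    $rows = '';
    foreach ($items as $item) {
        $rows .= fill($rowTemplate, [$name => $item]) . "\n";
    }
    return $rows;
}

// Constructed sample input: the three strings from the page plus one that
// targets an attribute context rather than element content.
$untrusted = [
    'abdde',
    "<b>Bold HTML</b>, that we don't want to see",
    '<script>alert("Hello")</script>',
    '" onmouseover="alert(1)',
];

// The same value is used twice on purpose: once inside an attribute, once as text.
$row = '<li title="{ENTRY}">{ENTRY}</li>';

// Wrong: raw insertion. The <b> renders, the <script> runs, and the fourth
// value closes the title attribute and adds an event handler.
$badList = fillRows($row, 'entry', $untrusted);

// Right: escape every untrusted value exactly once before it enters a template.
$securedList = fillRows($row, 'entry', array_map('escapeHtml', $untrusted));

// Further manipulation: transform first, escape last, so the transformation
// cannot alter the entity text produced by the escaper.
$securedUpper = fillRows(
    $row,
    'entry',
    array_map(fn(string $v): string => escapeHtml(strtoupper($v)), $untrusted)
);

// Nesting: the filled lists are trusted markup now and are inserted raw.
// Escaping them again would display the <li> tags as text (double escaping).
$page = fill(
    "<h2>Bad</h2>\n<ul>\n{BAD}</ul>\n<h2>Secured</h2>\n<ul>\n{SECURED}</ul>\n"
    . "<h2>Secured, uppercase</h2>\n<ul>\n{UPPER}</ul>\n",
    ['bad' => $badList, 'secured' => $securedList, 'upper' => $securedUpper]
);

// Checks: no tag or attribute break-out survives in the secured rows, the row
// markup itself is intact, and the unfiltered list really carries the payload.
assert(!str_contains($securedList, '<script'));
assert(!str_contains($securedList, '" onmouseover'));
assert(substr_count($securedList, '<li title="') === count($untrusted));
assert(substr_count($page, '<li title="') === 3 * count($untrusted));
assert(str_contains($badList, '<script>alert("Hello")</script>'));

echo $page;
```

Run it with `php -d zend.assertions=1 example.php` so the assert() lines are evaluated. The design point is the direction of trust: escaping is applied to data crossing from untrusted input into a template, never to the output of another template, which is why the outer fill() receives the already-filled rows unchanged. If the row value were placed inside a <script> block or a URL instead of element content or a quoted attribute, htmlspecialchars() alone would not be sufficient.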