https://github.com/rancoud/security
Security Package
- Host: GitHub
- URL: https://github.com/rancoud/security
- Owner: rancoud
- License: mit
- Created: 2018-10-22T06:50:39.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2025-04-24T00:58:20.000Z (6 months ago)
- Last Synced: 2025-05-02T07:05:09.825Z (6 months ago)
- Topics: charset, composer, coverage, escaper, packagist, php, php84, phpunit, security
- Language: PHP
- Homepage: https://packagist.org/packages/rancoud/security
- Size: 473 KB
- Stars: 0
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# Security Package

Escape string to output HTML (and JS).

## Installation
```bash
composer require rancoud/security
```

## How to use it?
```php
require 'vendor/autoload.php'; // Composer autoloader

use Rancoud\Security\Security;

// When you want to escape text for HTML output.
echo Security::escHTML('<script>alert("test");</script>') . "\n";
// -> entity-encoded markup that a browser displays as the text <script>alert("test");</script>

// When you want to escape text for HTML attribute output.
echo Security::escAttr('alert("test");') . "\n";

// When you want to escape text for JS output.
echo 'const value = "' . Security::escJS('";alert("test");let a="') . '";' . "\n";
// -> const value = "\x22\x3Balert\x28\x22test\x22\x29\x3Blet\x20a\x3D\x22";

// When you want to escape text for URL output.
echo Security::escURL('https://example.com') . "\n";
// -> https%3A%2F%2Fexample.com

// When you want to escape text for CSS output.
echo 'body {background-color: ' . Security::escCSS('red;} body {background-image: url("https://example.com");') . '}' . "\n";
// -> body {background-color: red\3B \7D \20 body\20 \7B background\2D image\3A \20 url\28 \22 https\3A \2F \2F example\2E com\22 \29 \3B }

// Checks if charset is supported.
Security::isSupportedCharset('ISO-8859-15');
// -> true
Security::isSupportedCharset('foo');
// -> false
```

## Security
### Main functions
Escapes text for HTML output.
```php
public static function escHTML($text, string $charset = 'UTF-8'): string
```

Escapes text for HTML attribute output.
```php
public static function escAttr($text, string $charset = 'UTF-8'): string
```

Escapes text for JS output.
```php
public static function escJS($text, string $charset = 'UTF-8'): string
```

Escapes text for URL output.
```php
public static function escURL($text, string $charset = 'UTF-8'): string
```

Escapes text for CSS output.
```php
public static function escCSS($text, string $charset = 'UTF-8'): string
```

Checks if charset is supported.
```php
public static function isSupportedCharset(string $charset): bool
```

## Supported Charsets
Only the shortlisted charsets (see list below) that are also supported by the mbstring extension are supported.
[More info at PHP documentation](https://www.php.net/manual/en/mbstring.encodings.php) [and at the PHP libmbfl README](https://github.com/php/php-src/tree/master/ext/mbstring/libmbfl)

Charsets shortlisted:
* BIG5
* BIG5-HKSCS
* CP866
* CP932
* CP1251
* CP1252
* EUC-JP
* eucJP-win
* GB2312
* ISO-8859-1
* ISO-8859-5
* ISO-8859-15
* KOI8-R
* MacRoman
* Shift_JIS
* SJIS
* SJIS-win
* UTF-8
* Windows-1251
* Windows-1252

## How to Dev
`composer ci` for php-cs-fixer and phpunit and coverage
`composer lint` for php-cs-fixer
`composer test` for phpunit and coverage