Can you recommend any good solution for automatic view variable escaping for Zend Framework 1.x?
I have tried so far:
$this->var->object()->string
view streams, similar to Rob Allen's escaper, but parsing syntax with regex always fails
分享 if i would think to make an automatic escaper i would create a ZF plugin that run in postDispatch :
postDispatch() is called after an action is dispatched by the dispatcher. This callback allows for proxy or filter behavior. By altering the request and resetting its dispatched flag (via Zend_Controller_Request_Abstract::setDispatched(false)), a new action may be specified for dispatching. source
mybe some use of htmlprifier would be a smart job :)
class Automatic_Escaper extends Zend_Controller_Plugin_Abstract{
public function postDispatch(Zend_Controller_Request_Abstract $request)
{
$response = $this->getResponse();
$htmlpurifier = Zend_Registry::get('purifier');
$safe = $htmlpurifier->purify($response);
return $this->setResponse($safe);
}
}
I hope I explained my idea regardless of the status the sample above .
分享
