zend-escaper

Escaper component from Zend Framework

Results 6 zend-escaper issues

This issue has been moved from the `zendframework` repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html --- Original Issue: https://api.github.com/repos/zendframework/zendframework/issues/7681 User: @mkEmperor Created On: 2016-03-03T15:20:23Z...

This issue has been moved from the `zendframework` repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html --- Original Issue: https://api.github.com/repos/zendframework/zendframework/issues/7621 User: @esase Created On: 2015-08-28T16:08:25Z...

This issue has been moved from the `zendframework` repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html --- Original Issue: https://api.github.com/repos/zendframework/zendframework/issues/7550 User: @phpManiac77 Created On: 2015-05-25T13:32:36Z...

Which requires escaping a large number of characters in attributes? [`[^a-z0-9,\.\-_]`](https://github.com/zendframework/zend-escaper/blob/master/src/Escaper.php#L162) URLs in HTML look ugly and are larger than possible ```html ```

documentation

OWASP [recommends](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content) escaping the forward slash character in addition to the other characters normally escaped with PHP's `htmlspecialchars()` method. Any thought to adding that to the `escapeHTML()` method?

- [x] I was not able to find an [open](https://github.com/zendframework/zend-escaper/issues?q=is%3Aopen) or [closed](https://github.com/zendframework/zend-escaper/issues?q=is%3Aclosed) issue matching what I'm seeing.
- [x] This is not a question. (Questions should be asked on [chat](https://zendframework.slack.com/)...