CRM_Utils_API_HTMLInputCoder
class CRM_Utils_API_HTMLInputCoder extends CRM_Utils_API_AbstractFieldCoder
This class captures the encoding practices of CRM-5667 in a reusable fashion. In this design, all submitted values are partially HTML-encoded before being saved to the database. If a DB reader needs to output to a non-HTML medium, it should undo the partial HTML encoding.
This class should be short-lived -- 4.3 should introduce an alternative escaping scheme and consequently remove HTMLInputCoder.
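The encode-on-write, decode-on-read design described above, as an added example (not CiviCRM's own code). It assumes that "partial" encoding means replacing only `<` and `>` with entities; `partialCode()`, the field names and the sample submission are hypothetical.

```php
<?php
// Added illustration, not CiviCRM code. Assumption: only '<' and '>' are encoded.
const ENCODE = ['<' => '&lt;', '>' => '&gt;'];
const DECODE = ['&lt;' => '<', '&gt;' => '>'];

/**
 * Apply $map to every string in $value, recursing into arrays.
 * Values stored under a key listed in $skip are passed through untouched.
 */
function partialCode($value, array $map, array $skip = [], $field = NULL) {
  if (is_array($value)) {
    foreach ($value as $key => $item) {
      $value[$key] = partialCode($item, $map, $skip, $key);
    }
    return $value;
  }
  if (!is_string($value) || in_array($field, $skip, TRUE)) {
    return $value;
  }
  return strtr($value, $map);
}

// Constructed sample submission.
$submitted = [
  'display_name' => 'Ann <ann@example.org>',
  'note'         => 'Type &lt;br&gt; to show a tag',  // user typed the entities literally
  'msg_html'     => '<p>Hello</p>',                   // hypothetical skipped field
];
$skip = ['msg_html'];

// Write path: encode before saving.
$stored = partialCode($submitted, ENCODE, $skip);

// HTML reader: angle brackets are neutralised for element content only.
// '&' and quotes are not encoded, so attribute and script contexts still
// need context-specific escaping.
echo $stored['display_name'], "\n";

// Non-HTML reader (CSV export, plain-text mail): undo the encoding first.
$plain = partialCode($stored, DECODE, $skip);
echo $plain['display_name'], "\n";

// Because '&' is never encoded, a literally typed entity cannot be told apart
// from an encoded bracket after storage, so the round trip is lossy for 'note'.
var_dump($plain['note'] === $submitted['note']);
var_dump($plain['msg_html'] === $submitted['msg_html']);
```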
Methods
array
getSkipFields()
Get skipped fields.
encodeInput(array|string $values, bool $castToString = FALSE)
Filter the submitted values to protect against XSS vulnerabilities.
mixed
decodeOutput(string $values, bool $castToString = FALSE)
No description
array
toApiOutput(array $apiRequest, array $result)
No description
static CRM_Utils_API_HTMLInputCoder
singleton()
No description
Details
at line 64
array
getSkipFields()
Get skipped fields.
in CRM_Utils_API_AbstractFieldCoder at line 61
bool
isSkippedField(string $fldName)
Is field skipped.
at line 126
encodeInput(array|string $values, bool $castToString = FALSE)
Filter the submitted values to protect against XSS vulnerabilities.