You are here

public function Escaper::escapeJs in Zircon Profile 8.0

Same name and namespace in other branches
  1. 8 vendor/zendframework/zend-escaper/src/Escaper.php \Zend\Escaper\Escaper::escapeJs()

Escape a string for the Javascript context. This does not use json_encode(). An extended set of characters are escaped beyond ECMAScript's rules for Javascript literal string escaping in order to prevent misinterpretation of Javascript as HTML leading to the injection of special characters and entities. The escaping used should be tolerant of cases where HTML escaping was not applied on top of Javascript escaping correctly. Backslash escaping is not used as it still leaves the escaped character as-is and so is not useful in a HTML context.

Parameters

string $string:

Return value

string

File

vendor/zendframework/zend-escaper/src/Escaper.php, line 182

Class

Escaper
Context specific methods for use in secure output escaping

Namespace

Zend\Escaper

Code

public function escapeJs($string) {
  $string = $this
    ->toUtf8($string);
  if ($string === '' || ctype_digit($string)) {
    return $string;
  }
  $result = preg_replace_callback('/[^a-z0-9,\\._]/iSu', $this->jsMatcher, $string);
  return $this
    ->fromUtf8($result);
}