/ */ class P4Cms_View_Helper_EscapeAttr extends P4Cms_View_Helper_EscapeAbstract { protected $_safeChars = array(',', '.', '-', '_'); /** * Extend constructor to initilize list of illegal characters. */ public function __construct() { // set list with illegal characters represented by their ordinal numbers for ($i = 1; $i < 32; $i++) { if ($i != 9 // tab && chr($i) != "\n" && chr($i) != "\r" ) { $this->_illegalOrd[] = $i; } } parent::__construct(); } /** * Returns escaped value that can be safely inserted into an html common attribute. * * Untrusted data should be escaped before inserting them * into html common attributes: * *

content

inside unquoted attribute *

content

inside single quoted attribute *

content

inside double quoted attribute * * This should not be used for complex attributes like href, * src, style, or any of the event handlers like onmouseover. * * @param string $value Value to escape. * @return string Escaped value safe to insert into an html attribute. */ public function escapeAttr($value) { return $this->_encode($value); } /** * Convert character represented by its ordinal value into &#xHH; format. * * @param int $ordinalValue Ordinal value to format. */ protected function _format($ordinalValue) { $hex = dechex($ordinalValue); return '&#x' . $hex . ';'; } }