kenjis committed 96829d8

CI_View_Var class improvements

1. add purify() method to CI_View_Var class for HTML purification
2. change method name of CI_View_Var class from escape_js() to escape_js_str() and use escape_js_str() helper function
3. Now you can pass objects to views as they are

Files changed (1)

system/core/Loader.php

 		{
 			foreach ($this->_ci_cached_vars as $key => $val)
 			{
-				$$key = $this->_ci_set_view_object($val);
+				if (is_object($val))
+				{
+					$$key = $val;
+				}
+				else
+				{
+					$$key = $this->_ci_set_view_object($val);
+				}
 			}
 		}
 		else
 	}
 	
 	/**
-	 * Unicode Escaping for JavaScript
+	 * Escape for JavaScript String Literal
 	 * 
-	 * This method is used by escape_js() method.
-	 * 
-	 * @access	protected
-	 * @param	array
-	 * @return	string
-	 */
-	protected function unicode_escape($matches)
-	{
-		$u16 = iconv(config_item('charset'), 'UTF-16', $matches[0]);
-		return preg_replace('/[0-9a-f]{4}/', '\u$0', bin2hex($u16));
-	}
-	
-	/**
-	 * Escape for JavaScript Generation
-	 * 
-	 * This method is used to escape JavaScript dynamic generation.
-	 * Use variables inside <script> tag or event handler like
+	 * This method is used to escape JavaScript string literal.
+	 * Use to output string literal inside <script> tag or event handler like
 	 * inside <body onload="...">.
 	 * Thanks to #wasbook <http://www.hash-c.co.jp/wasbook/>.
 	 * 
 	 * @access	public
 	 * @return	string
 	 */
-	public function escape_js()
+	public function escape_js_str()
 	{
-		return preg_replace_callback('/[^-\.0-9a-zA-Z]+/u', 
-										array($this, 'unicode_escape'), $this->val);
+		if ( ! function_exists('escape_js_str'))
+		{
+			$CI =& get_instance();
+			$CI->load->helper('output');
+		}
+		return escape_js_str($this->val);
+	}
+	
+	/**
+	 * Purify HTML
+	 * 
+	 * Purify HTML string by HTML purifier <http://htmlpurifier.org/>.
+	 * 
+	 * @access	public
+	 * @return	string
+	 */
+	public function purify()
+	{
+		if ( ! function_exists('purify'))
+		{
+			$CI =& get_instance();
+			$CI->load->helper('htmlpurifier');
+		}
+		return purify($this->val);
 	}
 }
 // END CI_View_Var Class
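Review bot: Objects passed to a view now bypass `_ci_set_view_object()`: the `is_object($val)` branch in the first hunk assigns `$val` directly, so any handling that call applies to other view data is skipped for whatever a template prints from an object's properties or methods. The body of `_ci_set_view_object()` is not shown, but judging by the `CI_View_Var` methods in the same file it presumably wraps values so that output goes through an escaping method; if so, objects are now the one kind of view data that reaches the page raw unless the template escapes it. The branch should carry a comment that says this, for example `// Objects are passed through unwrapped: nothing on them is escaped, so the view must escape their values on output.`, and the user documentation for this change should repeat it. The enclosing method starts and ends outside the hunk, so how objects nested inside arrays are treated cannot be checked from here.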