public static function noHTML(string $untrusted) : string
{
return \htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
/** * Insert a CSRF token to a form * * @param string $lockTo This CSRF token is only valid for this HTTP request endpoint * @param bool $echo if true, echo instead of returning * @return string */ public function insertToken(string $lockTo = '', bool $echo = true) : string { $ret = '<input type="hidden"' . ' name="' . Util::noHTML(self::FORM_TOKEN) . '"' . ' value="' . $this->getTokenString($lockTo) . '"' . ' />'; if ($echo) { echo $ret; return ''; } return $ret; }