*
*
   * NOTE(review): this helper only constructs a SafeString around the value;
   * where and how escaping is applied is decided inside SafeString (not
   * visible here) - confirm before using the result outside an HTML body
   * context.
   *
   * @param mixed $html  value handed to the SafeString constructor
   * @return SafeString  wrapper around $html
   */
  static function clean($html) {
    // Named local only for readability; the wrapper is returned untouched.
    $wrapped = new SafeString($html);
    return $wrapped;
  }

  /**
   * Returns a string that is safe to be used in HTML (XSS protection),
   * purifying (filtering) the given HTML to ensure that the result contains
   * only non-malicious HTML.
   *
   * Example:
   *   
title) ?> *
*
   * The filtering is delegated to SafeString::purify(); which elements and
   * attributes survive is decided there, not in this helper.
   * NOTE(review): intended for values that are allowed to carry markup -
   * confirm the purifier configuration matches that expectation.
   *
   * @param mixed $html  HTML to be filtered
   * @return mixed  result of SafeString::purify() (presumably a SafeString - confirm)
   */
  static function purify($html) {
    $purified = SafeString::purify($html);
    return $purified;
  }

  /**
   * Flags the given string as safe to be used in HTML (free of malicious HTML/JS).
   *
   * Example:
   *   // Parameters to t() are automatically escaped by default.
   *   // If the parameter is marked as clean, it won't get escaped.
   *   t('Go there',
   *     array("url" => html::mark_clean(url::current())))
   * 
*
   * Security: this helper performs no filtering of its own. As the example
   * comment says, a value marked clean is not escaped, so the caller vouches
   * for its content. Apply it only to values the application built itself or
   * has already validated for the output context.
   * NOTE(review): the example marks url::current() as clean - confirm that
   * url::current() cannot carry request-controlled markup characters.
   *
   * @param mixed $html  value the caller asserts is already safe HTML
   * @return mixed  result of SafeString::of_safe_html() (presumably a SafeString - confirm)
   */
  static function mark_clean($html) {
    $trusted = SafeString::of_safe_html($html);
    return $trusted;
  }

  /**
   * Escapes the given string for use in JavaScript.
   *
   * Example:
   *   
   * 
*
   * NOTE(review): the escaping rules live in SafeString::for_js() (not visible
   * here) - confirm whether the result already includes the surrounding quotes
   * and whether it stays safe inside an inline script block of an HTML page.
   *
   * @param mixed $string  value to escape for a JavaScript context
   * @return mixed  result of SafeString::of($string)->for_js()
   */
  static function js_string($string) {
    $safe_string = SafeString::of($string);
    return $safe_string->for_js();
  }

  /**
   * Returns a string safe for use in HTML element attributes.
   *
   * Assumes that the HTML element attribute is already
   * delimited by single or double quotes.
   *
   * Example:
   *     ;
   *   
   * 
*
   * Intended for quote-delimited attribute values only. The only steps taken
   * in this helper are html::clean() followed by for_html_attr(); no URL
   * scheme or attribute-name checks happen here, so attributes whose value is
   * interpreted as a URL or as script need separate validation by the caller.
   *
   * @param mixed $string  value to place inside a quoted attribute
   * @return mixed  the string escaped for use in HTML attributes.
   */
  static function clean_attribute($string) {
    // Wrap via html::clean() first, then ask the wrapper for its attribute form.
    $wrapped = html::clean($string);
    return $wrapped->for_html_attr();
  }
}