*
*   <?= html::purify($item->title) ?>
*
*/
  static function purify($html) {
    // Thin wrapper: the filtering itself is done by SafeString::purify(),
    // which is defined outside this file section.
    $purified = SafeString::purify($html);
    return $purified;
  }

  /**
   * Flags the given string as safe to be used in HTML (free of malicious
   * HTML/JS), so that later output handling does not escape it.
   *
   * This wrapper performs no escaping or filtering of its own; it hands the
   * value straight to SafeString::of_safe_html(). The caller is therefore
   * vouching for the content. Only pass values whose markup is fully under
   * the application's control, never raw request or user-supplied data.
   *
   * Example:
   *   // Parameters to t() are automatically escaped by default.
   *   // If the parameter is marked as clean, it won't get escaped.
   *   t('Go there',
   *     array("url" => html::mark_clean(url::current())))
   *
   * NOTE(review): url::current() is not visible here; confirm that its
   * output cannot carry request-controlled markup before copying this
   * example as a pattern.
   *
   * @param  $html  the string the caller asserts is safe HTML
   * @return the result of SafeString::of_safe_html() (presumably a
   *         SafeString; confirm against that class)
   */
  static function mark_clean($html) {
    $trusted = SafeString::of_safe_html($html);
    return $trusted;
  }

  /**
   * Escapes the given string for use in JavaScript.
   *
   * The value is wrapped with SafeString::of() and then converted with
   * for_js(). Use this for the JavaScript context only; HTML escaping is
   * not a substitute for it, and vice versa.
   *
   * NOTE(review): whether for_js() emits the surrounding quotes is not
   * visible in this file section; check SafeString before embedding the
   * result in a script.
   *
   * @param  $string  the value to embed in JavaScript
   * @return the result of SafeString::for_js()
   */
  static function js_string($string) {
    $wrapped = SafeString::of($string);
    return $wrapped->for_js();
  }

  /**
   * Returns a string safe for use in HTML element attributes.
   *
   * Assumes that the HTML element attribute is already
   * delimited by single or double quotes. The result must not be placed
   * in an unquoted attribute.
   *
   * NOTE(review): this escapes for the attribute context only. It does not
   * validate the value itself, so URL-bearing or script-bearing attributes
   * (href, src, on* handlers) still need their own validation.
   *
   * @param  $string  the value to place inside a quoted attribute
   * @return the string escaped for use in HTML attributes.
   */
  static function clean_attribute($string) {
    // Kept as html::clean() rather than self::clean() so the call resolves
    // exactly as it did before.
    $cleaned = html::clean($string);
    return $cleaned->for_html_attr();
  }
}