CakePHP: h() vs Sanitize::html()

CakePHP has a global function called h. It is a convenience wrapper for htmlspecialchars. CakePHP also has a Sanitize utility with an html method. Here is part of its description:

This method prepares user-submitted data for display inside HTML. This is especially useful if you do not want users to be able to break the layout or insert images or scripts into your HTML pages.

When should each one be used? Is one better than the other?

+4
1 answer

Sanitize::html() is more versatile: it allows you to remove HTML completely (using the remove option) and lets you specify how it handles quotes.

See source code:
h() : http://api.cakephp.org/2.3/source-function-h.html#160-199
Sanitize::html() : http://api.cakephp.org/2.3/source-class-Sanitize.html#83-122

EDIT:
h() : calls htmlspecialchars()
Sanitize::html() : calls htmlentities()

For a discussion of the differences, see: htmlentities() vs. htmlspecialchars()

+4
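To make the difference in the answer above concrete, here is an added, stand-alone PHP example (not CakePHP's own code and not part of the original question or answer). It re-implements what the two CakePHP 2.3 functions linked above reduce to: h() is htmlspecialchars() with ENT_QUOTES, Sanitize::html() is an optional strip_tags() followed by htmlentities() with configurable quote handling. The names cake_h() and sanitize_html() are my placeholders for the real h() and Sanitize::html(); the default option values (remove => false, quotes => ENT_QUOTES, double => true, UTF-8 charset) are taken from the linked 2.3 source, and the input string is constructed for the demonstration.

```php
<?php
// Added example, not CakePHP's code. cake_h() and sanitize_html() are
// simplified stand-ins for CakePHP 2.3's h() and Sanitize::html() so the
// behaviour can be compared without a CakePHP install.

function cake_h($text, $double = true, $charset = 'UTF-8')
{
    // h(): htmlspecialchars() with ENT_QUOTES, so only & < > " ' are encoded;
    // every other character (including non-ASCII) passes through untouched.
    return htmlspecialchars($text, ENT_QUOTES, $charset, $double);
}

function sanitize_html($string, array $options = array())
{
    // Defaults follow the 2.3 source linked above (assumption: charset UTF-8).
    $options += array(
        'remove'  => false,      // strip tags before encoding?
        'charset' => 'UTF-8',
        'quotes'  => ENT_QUOTES, // ENT_NOQUOTES / ENT_COMPAT / ENT_QUOTES
        'double'  => true,       // re-encode entities that are already encoded?
    );
    if ($options['remove']) {
        // strip_tags() only drops the markup; the remaining text is still
        // encoded below, so this is lossy but not less safe than plain encoding.
        $string = strip_tags($string);
    }
    // htmlentities() encodes every character that has a named HTML entity,
    // not just the five that htmlspecialchars() handles.
    return htmlentities($string, $options['quotes'], $options['charset'], $options['double']);
}

// Constructed input: a stored-XSS style tag, an ampersand, quotes and
// non-ASCII text, to exercise each behaviour at once.
$input = '<img src=x onerror="alert(1)"> Grüße & "tschüss" &amp;';

echo "h():                     ", cake_h($input), "\n";
echo "h(), double=false:       ", cake_h($input, false), "\n";
echo "Sanitize::html():        ", sanitize_html($input), "\n";
echo "... remove => true:      ", sanitize_html($input, array('remove' => true)), "\n";
echo "... quotes => NOQUOTES:  ", sanitize_html($input, array('quotes' => ENT_NOQUOTES)), "\n";

// Caveat shared by both functions: with an explicit flag set that lacks
// ENT_SUBSTITUTE / ENT_IGNORE, PHP >= 5.4 returns an empty string for input
// that is not valid in the given charset, so malformed UTF-8 silently vanishes.
$invalid = "\xC3\x28";
echo "invalid UTF-8 via h():   [", cake_h($invalid), "]\n";
```

Running this shows the practical split: both functions neutralise the tag and the event-handler attribute by encoding `<`, `>` and `"`, so for the XSS case h() is already sufficient and is the cheaper call. htmlentities() additionally turns `ü`, `ß` and similar into named entities, which changes the bytes but not the security properties. The remove option is the only one that changes what the user sees (the tag disappears instead of being shown as text), and quotes => ENT_NOQUOTES is the setting to avoid when the output lands inside an attribute value, since an unencoded `"` can then close the attribute. The empty-string result for invalid UTF-8 is worth checking for in whichever function you pick.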

Source: https://habr.com/ru/post/1486728/
