out()
function out(?string $input, string $output_format = 'html', string $encoding = 'UTF-8'): string
Description
Safely escapes and formats a string for various output contexts. This function is essential for preventing XSS attacks by ensuring that user-supplied data is properly encoded before being rendered in HTML, XML, JSON, JavaScript, or HTML attributes. Null values are converted to empty strings.
This is the recommended function for outputting any user-generated or dynamic content in Trongate applications.
Parameters
| Parameter | Type | Description | Default |
|---|---|---|---|
| $input | ?string | The string to be escaped. Null values are converted to an empty string. | N/A |
| $output_format | string | The desired output format: 'html', 'xml', 'json', 'javascript', or 'attribute'. | 'html' |
| $encoding | string | The character encoding to use for escaping. | 'UTF-8' |
Return Value
| Type | Description |
|---|---|
| string | The escaped and formatted string ready for safe inclusion in the specified context. |
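
Example

The following usage sketch is an added example, not code from the Trongate documentation. It assumes it runs inside a Trongate application where out() is already loaded; `render_comment()` and the `$row` data are hypothetical and constructed for illustration. It shows the output format being matched to the place the value lands: 'attribute' inside a quoted attribute, the default 'html' in element content, and a null column passed straight through.

```php
<?php
// Added example: run inside a Trongate application, where out() is available.
// render_comment() is a hypothetical helper; $row is constructed sample data
// standing in for a record that contains user-supplied values.

function render_comment(array $row): string {
    // Attribute sink: the value is placed inside a quoted HTML attribute,
    // so request the 'attribute' format.
    $title_attr = out($row['author'], 'attribute');

    // Element-content sinks: the default 'html' format applies.
    $author = out($row['author']);
    $body   = out($row['body']);

    // Nullable column: out() accepts null and returns an empty string,
    // so no separate null check is needed before escaping.
    $website = out($row['website']);

    // Attribute values are always wrapped in quotes in the markup itself.
    $html  = '<article class="comment">';
    $html .= '<h3 title="' . $title_attr . '">' . $author . '</h3>';
    $html .= '<p>' . $body . '</p>';
    if ($website !== '') {
        $html .= '<p class="site">' . $website . '</p>';
    }
    $html .= '</article>';

    return $html;
}

// Constructed input: quotes in the name and markup in the body are the
// characters that must not reach the browser unescaped.
$row = [
    'author'  => 'Ann "Admin" O\'Neil',
    'body'    => '<script>alert(1)</script> Nice post!',
    'website' => null,
];

echo render_comment($row);
```

Escape at the point of output, once per sink, and keep the raw value in storage so the same data can later be rendered in a different context with a different format.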