anchor()
function anchor(string $url, ?string $text = null, array $attributes = []): string
Description
Generates an anchor (<a>) tag with optional attributes and partial XSS protection.
This function creates an anchor tag pointing to a specified URL. If the $text parameter is omitted, the URL itself is used as the link text.
Important: The $text parameter is NOT escaped, allowing HTML content to be rendered as-is, while the URL and attributes are automatically escaped to prevent XSS attacks.
Parameters
| Name | Type | Description |
|---|---|---|
| $url | string | The URL to link to. This parameter is required and will be automatically escaped. |
| $text | string|null | The text content of the link (optional). If not provided, the URL itself is used. Note: This parameter is NOT escaped. |
| $attributes | array | An optional array of key-value pairs for additional attributes. These values will be automatically escaped. |
Return Value
| Type | Description |
|---|---|
| string | The complete HTML anchor tag as a string. |
Example Usage
Security Considerations
Important: The $text parameter is not automatically escaped. If displaying user-generated content, use the out() function to prevent XSS attacks.
Unsafe Example (Vulnerable to XSS):
Safe Example (Escaped Output):
Note: The $url and $attributes parameters are automatically escaped for security.