added view & escape functionality

qolarnix · Feb 12, 2024 · 9ab7024 · 9ab7024
1 parent 70420d2
commit 9ab7024
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/examples/components/header.php b/examples/components/header.php
@@ -0,0 +1,6 @@
+<h1><?php echo $title; ?></h1>
+<p><?php echo $desc; ?></p>
+
+<?php 
+    echo $view->escape($htmlval);
+?>
diff --git a/examples/index.php b/examples/index.php
@@ -11,5 +11,7 @@
 $template = new TemplateEngine($config);
 
 echo $template->render('header', [
-    'title' => 'my title',
+    'title' => 'test',
+    'desc' => 'lorem ipsum dolor sit amet',
+    'htmlval' => '<script>alert(1);</script>'
 ]);
diff --git a/src/TemplateEngine.php b/src/TemplateEngine.php
@@ -13,6 +13,9 @@ public function render(string $slug, array $args = []) {
         $slug = $slug.'.php';
         $paths = $this->config;
 
+        $view = new View();
+        array_push($args, $view);
+
         $paths = array_map(function($path) use ($slug) {
             return $path . '/' . $slug;
         }, $paths);
@@ -33,14 +36,16 @@ public function render(string $slug, array $args = []) {
         }
 
         extract($args, EXTR_SKIP);
-        foreach($args as $value) {
-            $value = htmlspecialchars($value);
-            return $value;
-        }
 
         ob_start();
         include($file);
         $output = ob_get_clean();
         return $output;
     }
+}
+
+class View extends TemplateEngine {
+    public function escape(string $val) {
+        return htmlentities($val);
+    }
 };