
dzentota/template-variable
==========================

A secure template variable library that provides context-aware escaping for PHP templates using TypedValue objects


Since Jul 7. Pushed 10mo ago.

[Source](https://github.com/dzentota/template-variable) | [Packagist](https://packagist.org/packages/dzentota/template-variable)


TemplateVariable - Secure Context-Aware Template Variables for PHP
==================================================================


[License: MIT](https://opensource.org/licenses/MIT) | [PHP Version](https://php.net)

A secure template variable library that provides context-aware escaping for PHP templates, supporting the [AppSec Manifesto](https://github.com/dzentota/AppSecManifesto) principles by automatically preventing XSS vulnerabilities through intelligent output escaping.

🚀 Features
----------


- **🔒 Automatic Context-Aware Escaping** - Default HTML escaping via `__toString()` magic method
- **🎯 Explicit Context Control** - Specify exact context via `__invoke()` method
- **📚 Collection-Aware Security** - Arrays and Traversable objects wrapped for secure iteration
- **🏷️ TypedValue Integration** - Works with [dzentota/typedvalue](https://github.com/dzentota/typedvalue) objects
- **⚡ Scalar Value Safety** - Treats scalar values (int, float, bool, null) as safe (not tainted)
- **🌐 Multiple Context Support** - HTML, attributes, JavaScript, CSS, URL, and raw contexts
- **🔧 Extensible Design** - Pluggable escaper interface for custom implementations
- **🧪 Fully Tested** - Comprehensive test suite with realistic attack vectors

Why TemplateVariable?
---------------------


Most template engines provide security through escaping, but they require developers to remember to escape values or use specific syntax. TemplateVariable brings this security directly into your PHP variables using magic methods, making secure templates the default behavior.
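The pattern described above and in the feature list, as a sketch added here and not the library's own code: `SketchVar` and its context names are hypothetical, and plain PHP built-ins stand in for the library's pluggable escaper.

```php
<?php
declare(strict_types=1);

// Illustrative sketch only: SketchVar is a hypothetical class, not the library's API.
final class SketchVar implements IteratorAggregate
{
    public function __construct(private mixed $value) {}

    // Default context: echoing or interpolating the object yields HTML-escaped text.
    public function __toString(): string
    {
        return $this('html');
    }

    // Explicit context: $var('attr'), $var('js'), $var('url') or $var('raw').
    public function __invoke(string $context = 'html'): string
    {
        $v = $this->value;
        if (is_iterable($v)) {
            throw new LogicException('Iterate a collection; do not print it.');
        }
        return match ($context) {
            'html', 'attr' => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8'),
            // JSON_HEX_* keeps <, >, &, ' and " out of the emitted JS literal.
            'js'  => json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR),
            'url' => rawurlencode((string) $v),
            'raw' => (string) $v,
            default => throw new InvalidArgumentException("Unknown context: $context"),
        };
    }

    // Collection-aware: every element comes back wrapped, so loops stay escaped.
    // Keys are passed through unwrapped in this sketch.
    public function getIterator(): Generator
    {
        foreach (is_iterable($this->value) ? $this->value : [] as $key => $item) {
            yield $key => new self($item);
        }
    }
}

// Constructed sample input, standing in for untrusted request data.
$name = new SketchVar('<script>alert(1)</script>');
$tags = new SketchVar(['a"b', '<i>x</i>']);

echo "<p>Hello, $name</p>\n";                               // default HTML context
echo '<a href="/u?n=' . $name('url') . '">profile</a>' . "\n"; // URL component context
echo '<script>var n = ' . $name('js') . ";</script>\n";     // JavaScript literal context
foreach ($tags as $tag) {
    echo "<li>$tag</li>\n";                                 // each element is wrapped
}
```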

### The Problem


Traditional PHP templates require manual escaping:

```
