PHPackages                             jakubboucek/legacy-escape - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. jakubboucek/legacy-escape

ActiveLibrary[Security](/categories/security)

jakubboucek/legacy-escape
=========================

Right escape data inserted to HTML, CSS, JS and URL. Substrate of Latte/Latte package.

v1.10.0(7mo ago)21.8kMITPHPPHP ~7.2 || ~8.0CI passing

Since Apr 13Pushed 7mo ago2 watchersCompare

[ Source](https://github.com/jakubboucek/legacy-escape)[ Packagist](https://packagist.org/packages/jakubboucek/legacy-escape)[ RSS](/packages/jakubboucek-legacy-escape/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (3)Versions (18)Used By (0)

Escape
======

[](#escape)

PHP library to right escape outputs in your legacy project.

Don't use package for new projects, use [Latte](https://latte.nette.org/) instead.

Package is substrate of [Latte package](https://github.com/nette/latte/)[filters](https://github.com/nette/latte/blob/master/src/Latte/Runtime/Filters.php).

Features
--------

[](#features)

- Escape HTML
- Escape HTML attributes
- Escape HTML href attributes
- Escape HTML comments
- Escape XML
- Escape JS
- Escape URL
- Escape CSS
- Escape CSS specifics for few properties:
    - `color` value

Install
-------

[](#install)

```
composer require jakubboucek/legacy-escape
```

Usage
-----

[](#usage)

Instead:

```
echo 'Registered user: ' . $username;
```

Use:

```
use JakubBoucek\Escape\Escape;

echo 'Registered user: ' . Escape::html($username);
```

You can use shortcut by aliasing too:

```
use JakubBoucek\Escape\Escape as E;

echo 'Registered user: ' . E::html($username);
```

CSS specifics
-------------

[](#css-specifics)

In few cases you cannot use `Escape::css($cssColor)` to escape some known format, because standard escaping is broke CSS format. Class `EscapeCss` has prepared limited set of known propetries with specefics format:

### `color` property

[](#color-property)

Sanitize value od CSS `color` property to safe format, example:

```
use JakubBoucek\Escape\EscapeCss;

echo 'color: ' . EscapeCss::color($cssColor) . ';';
```

It's prevent attact by escaping color value context.

Safe HTML content
-----------------

[](#safe-html-content)

Package supports escaping HTML with included [safe HTML content](https://doc.nette.org/en/3.1/html-elements).

Usage:

```
use JakubBoucek\Escape\Escape;
use Nette\Utils\Html;

$avatarUrl = 'http:/example.com/avatar.png';
$username = 'John Doe hack';

$avatarImage = Html::el('img')->src($avatarUrl)->width(16);
echo Escape::html($avatarImage, ' ', $username);

//  John Doe &lt;script&gt;hack&lt;/script&gt;
```

Output without any escaping
---------------------------

[](#output-without-any-escaping)

In some cases you intentionally want to output variable without any escaping, but somebody other or your future self may mistakenly believe you forgot to escape it. Here you can use `noescape()` method to mark code as intentionally unescaped.

```
echo \JakubBoucek\Escape\Escape::noescape($htmlContent);
```

FAQ
---

[](#faq)

### Is it support for escaping SQL query?

[](#is-it-support-for-escaping-sql-query)

No, SQL requires access to active SQL connection to right escape. This package is only allows to escape contexts without external requirements.

Contributing
------------

[](#contributing)

Please don't hesitate send Issue or Pull Request.

Security
--------

[](#security)

If you discover any security related issues, please email  instead of using the issue tracker.

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE) for more information.

### Origin code licences

[](#origin-code-licences)

- [New BSD License](https://github.com/nette/latte/blob/master/license.md#new-bsd-license)
- [GNU General Public License](https://github.com/nette/latte/blob/master/license.md#gnu-general-public-license)

Copyright (c) 2004, 2014 David Grudl () All rights reserved. Please see [License File](https://github.com/nette/latte/blob/master/license.md) for more information.

###  Health Score

43

—

FairBetter than 91% of packages

Maintenance65

Regular maintenance activity

Popularity20

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity66

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~102 days

Recently: every ~214 days

Total

17

Last Release

212d ago

Major Versions

v0.1.1 → v1.2.02021-09-05

PHP version history (5 changes)v0.1.0PHP &gt;= 7.1

v1.5.0PHP &gt;= 7.2

v1.9.2PHP ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0

v1.9.3PHP ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0

v1.9.4PHP ~7.2 || ~8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/343719dd69717f77bd727d9c3c110aabab0eb24f881dbf05941c1ba0d0deff6c?d=identicon)[jakubboucek](/maintainers/jakubboucek)

---

Top Contributors

[![jakubboucek](https://avatars.githubusercontent.com/u/1657322?v=4)](https://github.com/jakubboucek "jakubboucek (58 commits)")

---

Tags

legacy-applicationphpsecurity

###  Code Quality

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/jakubboucek-legacy-escape/health.svg)

```
[![Health](https://phpackages.com/badges/jakubboucek-legacy-escape/health.svg)](https://phpackages.com/packages/jakubboucek-legacy-escape)
```

###  Alternatives

[defuse/php-encryption

Secure PHP Encryption Library

3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories

Prevents installation of composer packages with known security vulnerabilities: no API, simply require it

2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs

A PHP library for XML Security

41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php

Realistic password strength estimation PHP library based on Zxcvbn JS

86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker

A PHP dependency vulnerabilities scanner based on the Security Advisories Database.

33732.2M110](/packages/enlightn-security-checker)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)