PHPackages mindplay/escape - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Templating & Views](/categories/templating) 4. / 5. mindplay/escape ActiveLibrary[Templating & Views](/categories/templating) mindplay/escape =============== A few global (yes, global!) functions to escape HTML/JS in templates 1.0.0(9y ago)3171LGPL-3.0+PHPPHP >=5.4 Since Feb 11Pushed 9y ago1 watchersCompare [ Source](https://github.com/mindplay-dk/escape)[ Packagist](https://packagist.org/packages/mindplay/escape)[ RSS](/packages/mindplay-escape/feed)WikiDiscussions master Synced yesterday READMEChangelog (1)Dependencies (1)Versions (2)Used By (0) mindplay/escape =============== [](#mindplayescape) This package provides a small set of global functions for use in plain PHP templates. [![PHP Version](https://camo.githubusercontent.com/581d3b86ad2a67effa63792b85b18395acbbc26aae6ab4a453ed555677b8761c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d352e342532422d626c75652e737667)](https://packagist.org/packages/mindplay/escape)[![Build Status](https://camo.githubusercontent.com/fd5d53cbf903da58bf8ee6123df71da49dd14cf0075d9d4e831acfd459de0053/68747470733a2f2f7472617669732d63692e6f72672f6d696e64706c61792d646b2f6573636170652e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/mindplay-dk/escape) I use this with [kisstpl](https://github.com/mindplay-dk/kisstpl) and plain PHP templates, but any package (or plain, raw PHP scripts) should be fine. It's really more documentation (perhaps even more just a philosophy) than it is code - and includes detailed inline documentation with examples. These are just tiny shorthand-functions wrapping `htmlspecialchars()` and `json_encode()` but with the assumption that you *always* want **HTML 5** and **UTF-8** encoding - if you don't, this package is not for you. The source-file is bootstrapped to aggressively autoload via Composer, which means these functions are always available, without having to use `require` or `include`. Currently the following functions are included: - `html($value)` ~ `htmlspecialchars((string) $value, ENT_HTML5, 'UTF-8', true)` - `attr($value)` ~ `htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8', true)` - `js($value)` to escape inside a JavaScript string-literal context - `json($value)` ~ `json_encode($value, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)` Note that, because these functions are global, the addition of any new function would be considered a breaking change with a major version number increase. ##### Why? [](#why) Because the PHP defaults for these functions are outdated. And why global? Because we can't autoload functions, importing namespaced functions in every template is a hassle, and we're not using the global namespace for anything anyway. ### Escaping and Encoding Values [](#escaping-and-encoding-values) Each function is intended for use within a single context - e.g. within an HTML tag, an HTML attribute-value, a Javascript string literal, or inline in Javascript code. (Note that contexts are often *nested*, as per the examples in the "Nested Contexts" section below.) This is best illustrated with a few common examples. ##### HTML Tags [](#html-tags) When outputting a `string` value in the context of an HTML tag, use the `html()` function: ``` ``` ##### HTML Attributes [](#html-attributes) When outputting a `string` value in the context of an HTML attribute, use the `attr()` function: ``` ')"> ``` In this example, the inner context is a Javascript string literal, and the outer context is an HTML-attribute. There are many possible use-cases combining two (or more) contexts - but if you can wrap your head around the idea of *nested* contexts, selecting the right combination of functions should be fairly easy. ### Health Score 28 — LowBetter than 52% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community7 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3426d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9445f567f43ee7a963270651e40e533634586f959e4df3d5398d001b1cb49be8?d=identicon)[mindplay.dk](/maintainers/mindplay.dk) --- Top Contributors [![mindplay-dk](https://avatars.githubusercontent.com/u/103348?v=4)](https://github.com/mindplay-dk "mindplay-dk (2 commits)") ### Embed Badge ![Health badge](/badges/mindplay-escape/health.svg) ``` [![Health](https://phpackages.com/badges/mindplay-escape/health.svg)](https://phpackages.com/packages/mindplay-escape) ``` ### Alternatives [limenius/react-bundle Client and Server-side react rendering in a Symfony Bundle 3861.2M](/packages/limenius-react-bundle)[area17/laravel-auto-head-tags Laravel Auto Head Tags helps you build the list of head elements for your app 4616.0k](/packages/area17-laravel-auto-head-tags)[jelix/wikirenderer WikiRenderer is a library to generate HTML or anything else from wiki content. 1712.2k1](/packages/jelix-wikirenderer)[webkinder/sproutset A Composer package for handling responsive images in Roots Bedrock + Sage + Blade projects. 281.8k](/packages/webkinder-sproutset) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)