
$field->escape()

Escapes the field value so that it can be used safely in HTML templates without the risk of XSS attacks.

$field->escape(string $context = 'html')

Parameters

Name Type Default Description
$context string 'html' Location of output (html, attr, js, css, url or xml)

Aliases

You can use the following aliases for this field method in your template:

  • $field->esc(…)

Examples

<p><?= $page->text()->escape() ?></p>
<img alt="<?= $image->alt()->escape('attr') ?>" src="<?= $image->url() ?>" />
<section style="--columns: <?= $section->columns()->escape('css') ?>">
...
</section>
<script>
let yourVariable = "<?= $page->jsVariable()->escape('js') ?>";

// ...
</script>
<iframe src="https://map.example.com/?lat=<?= $map->lat()->escape('url') ?>&lon=<?= $map->lon()->escape('url') ?>"></iframe>
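
Why the `$context` argument has to match the output location, as an added example that is not part of the original page or of Kirby's code: the same value is escaped for the wrong and the right context, then read back the way the receiving parser would read it. Native PHP functions stand in for the contexts, and the helper names and sample values are assumptions made for this illustration.

```php
<?php
// Added example. Native PHP functions stand in for the escape contexts;
// this is an approximation, not Kirby's implementation.
function escapeFor(string $value, string $context): string
{
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return match ($context) {
        'html' => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        'url'  => rawurlencode($value),
        // json_encode() adds surrounding quotes; strip them to get the literal body
        'js'   => substr(json_encode($value, $jsFlags), 1, -1),
        default => throw new InvalidArgumentException("unsupported context: $context"),
    };
}

// What a URL parser sees for src="...?lat=<escaped>": the browser decodes
// HTML entities in the attribute first, then splits the query string.
function queryAsParsed(string $escaped): array
{
    parse_str('lat=' . html_entity_decode($escaped, ENT_QUOTES, 'UTF-8'), $params);
    return $params;
}

// What a script sees for "<escaped>" inside <script>: no entity decoding,
// only string-literal parsing (json_decode() used as a stand-in parser).
function jsStringAsParsed(string $escaped): ?string
{
    $decoded = json_decode('"' . $escaped . '"');
    return is_string($decoded) ? $decoded : null; // null: stand-in parser rejects the literal
}

// Constructed sample field values
$lat  = '51.5&zoom=1';
$text = 'C:\\temp\\ "quoted"';

foreach (['html', 'url'] as $context) {
    $params = queryAsParsed(escapeFor($lat, $context));
    printf("url sink, %-4s escaping: %s\n", $context,
        $params === ['lat' => $lat] ? 'intact' : 'altered ' . json_encode($params));
}
foreach (['html', 'js'] as $context) {
    $parsed = jsStringAsParsed(escapeFor($text, $context));
    printf("js sink,  %-4s escaping: %s\n", $context,
        $parsed === $text ? 'intact' : 'altered ' . json_encode($parsed));
}
```

A value counts as intact only when the sink receives exactly the original string as a single piece of data; HTML escaping passes that check in neither the URL nor the script location.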