Automatic Escaping

All elements which extend the Vespula\Form\Element\Element abstract class have automatic escaping of the value attribute. If you need to pass unescaped data (carefully), you can use the $element->valueRaw($value) method. You should also be in control of any text you pass as other attributes, as this text is never escaped. Finally, the text passed to labels and buttons is NOT automatically escaped. This may be something I revisit in the future.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
<?php
$form = new Vespula\Form\Form();
$form->id('my-form');

// Auto escaped
echo $form->text()->value('some value');

// Raw value
echo $form->text()->valueRaw('some hopefully safe raw value');

// Button and label text is never escaped.
echo $form->button('My Button');
?>