beginner

Reputation: 2032

What is the difference between Html::encode() and just the basic HTML code in Yii2?

I'm a beginner in Yii and I don't know what the difference is between <?= Html::encode($this->title) ?> and just <?= $this->title ?>. I have tested these two and they seemed to give the same output.

Upvotes: 3

Views: 8919

Answers (1)

arogachev

Reputation: 33548

Docs and source code can tell you everything.

Basically, Html::encode() is just a wrapper around the native PHP function htmlspecialchars:

Encodes special characters into HTML entities.

The application charset will be used for encoding.

To understand the basic difference and benefit of that, try to echo:

$string = '<script>alert(1);</script>';

echo $string;

and then:

echo Html::encode($string);

So encode is useful for filtering user-saved data. If the data comes from the developer, not from the user, you may not apply encode, and HTML will be displayed as is.

Official docs:

Upvotes: 3
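
The comparison the answer suggests, as a runnable script that is an added example and not part of the original answer or of Yii itself. The encode() function below is a stand-in written for this example, assumed to mirror the htmlspecialchars() call that Html::encode() wraps, with the charset fixed to UTF-8 instead of being read from the application; the sample titles are constructed.

```php
<?php
// Stand-in for yii\helpers\Html::encode() so the script runs without Yii.
// Assumption: same flags as the helper, charset hard-coded to UTF-8.
function encode(string $content, bool $doubleEncode = true): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid byte
    // sequences instead of making the whole result an empty string.
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Constructed sample titles. The first has no special characters, which is
// why both forms looked identical in the question's test.
$titles = [
    'My first page',
    'Tom\'s "Guide" <draft> & notes',
    '<script>alert(1);</script>', // the string used in the answer above
];

foreach ($titles as $title) {
    $encoded = encode($title);
    echo 'raw:     ', $title, PHP_EOL;
    echo 'encoded: ', $encoded, PHP_EOL;
    echo 'changed: ', ($encoded === $title ? 'no' : 'yes'), PHP_EOL, PHP_EOL;
}

// Inside an attribute value the quote handling matters: with both quote
// styles encoded, the value cannot end the attribute early.
echo '<input type="text" value="', encode($titles[1]), '">', PHP_EOL;

// Encode once, at output time. Encoding a string twice turns the entities
// themselves into visible text on the page.
$once  = encode('Fish & Chips');
$twice = encode($once);
echo 'once:  ', $once, PHP_EOL;
echo 'twice: ', $twice, PHP_EOL;

// Passing false for $doubleEncode leaves existing entities untouched.
echo 'no double encode: ', encode($once, false), PHP_EOL;
```

Run it with the PHP CLI and compare the raw and encoded lines: only titles containing <, >, &, " or ' change, and the script string is printed as text instead of markup.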
