Incorporating Zend/Escaper into our view layer. Fixes #5

application/config/autoload.php

@@ -83,6 +83,7 @@ class AutoloadConfig
 			'CodeIgniter\Log\Logger'                      => BASEPATH.'Log/Logger.php',
 			'CodeIgniter\View\RenderableInterface'        => BASEPATH.'View/RenderableInterface.php',
 			'CodeIgniter\View\View'                       => BASEPATH.'View/View.php',
+			'Zend\Escaper\Escaper'                        => BASEPATH.'View/Escaper.php',
 			'PSR\Log\LoggerInterface'                     => BASEPATH.'Log/LoggerInterface.php',
 		    'PSR\Log\LogLevel'                            => BASEPATH.'Log/LogLevel.php',
 		    'PSR\Log\LoggerAwareInterface'                => BASEPATH.'Log/LoggerAwareInterface.php',

system/Common.php

@@ -8,7 +8,7 @@
  * @category Common Functions
  */
 
-if (! function_exists('log_message'))
+if ( ! function_exists('log_message'))
 {
 	/**
 	 * A convenience/compatibility method for logging events through
@@ -30,16 +30,17 @@ if (! function_exists('log_message'))
 	 *
 	 * @return mixed
 	 */
-	function log_message(string $level, $message, array $context=[])
+	function log_message(string $level, $message, array $context = [])
 	{
 		// @todo Don't create a new class each time!
-		return \App\Config\Services::logger()->log($level, $message, $context);
+		return \App\Config\Services::logger()
+		                           ->log($level, $message, $context);
 	}
 }
 
 //--------------------------------------------------------------------
 
-if (! function_exists('view'))
+if ( ! function_exists('view'))
 {
 	/**
 	 * Grabs the current RenderableInterface-compatible class
@@ -56,7 +57,7 @@ if (! function_exists('view'))
 	 *
 	 * @return string
 	 */
-	function view(string $name, array $data=[], array $options=[])
+	function view(string $name, array $data = [], array $options = [])
 	{
 		/**
 		 * @var CodeIgniter\View\View $renderer
@@ -64,7 +65,72 @@ if (! function_exists('view'))
 		$renderer = \App\Config\Services::renderer();
 
 		return $renderer->setData($data, 'raw')
-						->render($name, $options);
+		                ->render($name, $options);
+	}
+}
+
+//--------------------------------------------------------------------
+
+if ( ! function_exists('esc'))
+{
+	/**
+	 * Performs simple auto-escaping of data for security reasons.
+	 * Might consider making this more complex at a later date.
+	 *
+	 * If $data is a string, then it simply escapes and returns it.
+	 * If $data is an array, then it loops over it, escaping each
+	 * 'value' of the key/value pairs.
+	 *
+	 * Valid context values: html, js, css, url, attr, raw, null
+	 *
+	 * @param string|array $data
+	 * @param string       $context
+	 * @param string       $encoding
+	 *
+	 * @return $data
+	 */
+	function esc($data, $context = 'html', $encoding=null)
+	{
+		if (is_array($data))
+		{
+			foreach ($data as $key => &$value)
+			{
+				$value = esc($value, $context);
+			}
+		}
+
+		if (is_string($data))
+		{
+			$context = strtolower($context);
+
+			// Provide a way to NOT escape data since
+			// this could be called automatically by
+			// the View library.
+			if (empty($context) || $context == 'raw')
+			{
+				return $data;
+			}
+
+			if ( ! in_array($context, ['html', 'js', 'css', 'url', 'attr']))
+			{
+				throw new \InvalidArgumentException('Invalid escape context provided.');
+			}
+
+			if ($context == 'attr')
+			{
+				$method = 'escapeHtmlAttr';
+			}
+			else
+			{
+				$method = 'escape'.ucfirst($context);
+			}
+
+			$escaper = new \Zend\Escaper\Escaper($encoding);
+
+			$data   = $escaper->$method($data);
+		}
+
+		return $data;
 	}
 }
 
@@ -78,7 +144,7 @@ if ( ! function_exists('is_cli'))
 	 *
 	 * Test to see if a request was made from the command line.
 	 *
-	 * @return 	bool
+	 * @return    bool
 	 */
 	function is_cli()
 	{

system/View/View.php

@@ -1,7 +1,5 @@
 <?php namespace CodeIgniter\View;
 
-require dirname(__FILE__).'/Escaper.php';
-
 use CodeIgniter\Loader;
 
 /**