
Jiří Pudil jiripudil

@jiripudil
jiripudil / text.md
Last active December 16, 2015 11:19
Write secure templates with Latte

Writing templates can be a pain. Securing them against cross-site scripting attacks can be even worse. Sick of writing htmlspecialchars($output, ENT_QUOTES) again and again? And of switching to htmlentities() when escaping a value for a JavaScript snippet? Why bother when there is a templating engine that can take care of all this dirty business for you?

Latte is a templating engine that ships as part of the Nette framework, an open-source PHP framework of Czech origin. It is dual-licensed under the New BSD and GNU GPL licenses. Latte automatically secures your templates against XSS using context-aware escaping: the escaping applied to a value depends on where in the output it is printed (HTML text, attribute, JavaScript, and so on). And it makes writing templates a pleasure.

So, how do you output a variable in a secure way? Simply:

{$variable}
@jiripudil
jiripudil / FileDumpMailer.php
Created April 4, 2013 19:06
Mailer for Nette that saves messages as EML files, for debug purposes
<?php
/**
* @copyright Copyright (c) 2013, Jiří Pudil
* @license http://opensource.org/licenses/MIT MIT License
*/
namespace jiripudil\Mail;
@jiripudil
jiripudil / gist:3883912
Created October 13, 2012 09:10
Select months by presence of entries
# select only those months for which there is at least one entry in the database table
# the datetime column is of type DATE or DATETIME
SELECT DISTINCT MONTH(datetime) AS month, YEAR(datetime) AS year FROM post ORDER BY year, month;
# returns a result set of distinct year-month pairs
@jiripudil
jiripudil / responsiveImages.html
Created September 5, 2012 18:52
Mobile-first responsive images using jQuery
<img src="/mobile/version.jpg" data-tablet-src="/tablet/version.jpg" data-full-src="/full/version.jpg" alt="Picture" class="responsive">