When displaying user input in your Views, it is important to convert all characters which have significance in HTML to their "entity" representation.
For example, the < symbol should be converted to its entity representation. Converting HTML characters to their entity representation helps protect your application from cross-site scripting:
echo HTML::entities('<script>alert('hi');</script>');
echo e('<script>alert('hi');</script>');
echo HTML::script('js/scrollTo.js');
echo HTML::style('css/common.css');
echo HTML::style('css/common.css', 'print');
Further Reading:
echo HTML::link('user/profile', 'User Profile');
echo HTML::secure_link('user/profile', 'User Profile');
echo HTML::link('user/profile', 'User Profile', array('id' => 'profile_link'));
echo HTML::link_to_route('profile');
$url = HTML::link_to_route('profile', array($username));
Further Reading:
echo HTML::link_to_action('home@index');
echo HTML::link_to_action('user@profile', 'User Profile', array($username));
The "mailto" method on the HTML class obfuscates the given e-mail address so it is not sniffed by bots.
echo HTML::mailto('example@gmail.com', 'E-Mail Me!');
echo HTML::mailto('example@gmail.com');
echo HTML::image('img/smile.jpg', $alt_text);
echo HTML::image('img/smile.jpg', $alt_text, array('id' => 'smile'));
echo HTML::ol(array('Get Peanut Butter', 'Get Chocolate', 'Feast'));
echo HTML::ul(array('Ubuntu', 'Snow Leopard', 'Windows'));
It's easy to define your own custom HTML class helpers called "macros". Here's how it works. First, simply register the macro with a given name and a Closure:
HTML::macro('my_element', function()
{
return '<article type="awesome">';
});
Now you can call your macro using its name:
echo HTML::my_element();