Appendix
Additional Online Security Chapters
This book is supported by two online chapters at:
http://www.projectseven.net/secdevCSP.htm
http://www.projectseven.net/secdevagile.htm
These chapters cover developing with a Content Security Policy, and Agile Development with TDD.
Understanding the Regular Expression behind Encoder
Programming PHP, Third Edition (Tatroe, MacIntyre, and Lerdorf 2013) introduces a library class called Encoder that can be used to properly escape output in different contexts. The nice thing about this class is that it maps member function names to distinct output contexts so that it is easy to use correctly for the needed condition. For example, to output to HTML, call encodeForHTML(), for HTML attributes call encodeForH ...
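The following is an added illustration of that one-method-per-context design. It is example code written for this appendix, not the Encoder class from Programming PHP: the class name ContextEncoder, the SAFE regular expression and every method body are this example's own assumptions, and the attacker input at the bottom is constructed. It shows why the same string needs different escaping in HTML text, an HTML attribute, a JavaScript string and a URL.

```php
<?php
// Added example for this appendix: a small context-aware encoder in the style
// the text describes, where the method name names the output context. This is
// NOT the Encoder class from Programming PHP; the class name, the SAFE regex and
// every method body are this example's own assumptions.

final class ContextEncoder
{
    // Characters left untouched in the attribute, JavaScript and URL contexts.
    // Everything else is escaped with the encoding that context understands.
    private const SAFE = '/^[a-zA-Z0-9,._-]$/u';

    // HTML body text: entity-encode &, <, >, " and ' so data can never open a tag.
    public static function encodeForHTML(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }

    // HTML attribute value: every non-safe character becomes a numeric entity,
    // so the value cannot close the attribute even if the template omitted quotes.
    public static function encodeForHTMLAttribute(string $s): string
    {
        return self::encodeEach($s, function (int $cp): string {
            return sprintf('&#x%X;', $cp);
        });
    }

    // JavaScript string literal: \xHH / \uHHHH escapes, which are legal inside
    // both single- and double-quoted JS strings and can never spell "</script>".
    public static function encodeForJavaScript(string $s): string
    {
        return self::encodeEach($s, function (int $cp): string {
            if ($cp < 0x100) {
                return sprintf('\\x%02X', $cp);
            }
            if ($cp < 0x10000) {
                return sprintf('\\u%04X', $cp);
            }
            return sprintf('\\u{%X}', $cp);   // astral plane, ES2015+ syntax
        });
    }

    // URL query parameter: RFC 3986 percent-encoding (space becomes %20, not +).
    public static function encodeForURL(string $s): string
    {
        return rawurlencode($s);
    }

    // Walk the input one code point at a time; the regex decides what is safe,
    // the callback decides how to escape everything else.
    private static function encodeEach(string $s, callable $escape): string
    {
        $out = '';
        foreach (mb_str_split($s, 1, 'UTF-8') as $ch) {
            $out .= preg_match(self::SAFE, $ch) ? $ch : $escape(mb_ord($ch, 'UTF-8'));
        }
        return $out;
    }
}

// Constructed attacker input: tries to close an attribute and add an event handler.
$payload = '" onmouseover="alert(1)';

echo '<p>' . ContextEncoder::encodeForHTML($payload) . "</p>\n";
echo '<input value=' . ContextEncoder::encodeForHTMLAttribute($payload) . ">\n";
echo "<script>var s = '" . ContextEncoder::encodeForJavaScript($payload) . "';</script>\n";
echo '<a href="/search?q=' . ContextEncoder::encodeForURL($payload) . "\">search</a>\n";
```

The point of the separate attribute method is visible in the second echo: htmlspecialchars() leaves spaces alone, so an unquoted attribute filled with encodeForHTML() output would still be split by a payload such as `x onmouseover=alert(1)`, whereas the attribute encoder turns the space into `&#x20;` and the value stays a single token. Likewise, entity encoding is useless inside a `<script>` block, where the browser never decodes entities, which is why the JavaScript method uses backslash escapes instead.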