6

In Magento 1 I used the code below for value:

value="<?php echo $this->escapeHtml($this->getDefaultValue()) ?>"

How could I set this code in Magento 2?

Rafael Corrêa Gomes
Rahul Katoch

5 Answers

15
/**
 * Escaper
 *
 * @var \Magento\Framework\Escaper
 */
protected $_escaper;

public function __construct(
    \Magento\Framework\Escaper $_escaper
) {
    // Keep the injected escaper for use in this class
    $this->_escaper = $_escaper;
}

Now you can easily use escapeHtml by

$this->_escaper->escapeHtml($data, $allowedTags);

Or, if you are using any block or .phtml file, you can use it like this:

<?= $block->escapeHtml($block->getDefaultValue()); ?>

EDIT [as requested]

$objectManager = \Magento\Framework\App\ObjectManager::getInstance();
$escaper = $objectManager->create('Magento\Framework\Escaper')->escapeHtml($data);
Keyur Shah
  • Thanks for the reply. How do I use it with the object method in my template file? – Rahul Katoch Jan 23 '17 at 13:38
  • I have updated my answer @Rahulocodewire – Keyur Shah Jan 23 '17 at 13:42
  • Thank you, it works. Can you please tell me one thing: how do I load this in Magento 2? $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); $product = $objectManager->get('Magento\Catalog\Model\Product')->load($productId); It does not work. How do I get the product ID? – Rahul Katoch Jan 23 '17 at 14:15
  • You should try with the $objectManager->create('Magento\Catalog\Model\Product')->load($productId); @Rahulocodewire – Keyur Shah Jan 23 '17 at 14:26
  • Hi Keyur Shah, can you please tell me one thing: how do I get the custom options in Magento 2? This is my code: $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); $product = $objectManager->get('Magento\Catalog\Model\Product')->load($productId);

    echo count($product->getOptions()); die;

    foreach ($product->getOptions() as $options) { $optionType = $options->getType(); $optionTitle = implode('', explode(" ", $options->getTitle())); $options->getId();

    – Rahul Katoch Jan 24 '17 at 05:27
  • I think for this you have to ask a new question so that everyone in the community can answer, and for this question I have already given an answer :) @Rahulocodewire – Keyur Shah Jan 24 '17 at 08:36
  • Yours does not work either; I get an error that $data is an undefined variable – Rahul Katoch Jan 24 '17 at 09:34
  • Please replace $data with $this->getDefaultValue(). In the answer I gave how to use this :) @Rahulocodewire – Keyur Shah Jan 24 '17 at 09:36
  • Glad to hear that it is working @Rahulocodewire – Keyur Shah Jan 24 '17 at 10:19
9

With the latest version of Magento 2.4, you can now directly use the $escaper variable to access the \Magento\Framework\Escaper class. The $escaper local variable is available inside any .phtml template.

<?= $escaper->escapeHtml($block->getDefaultValue()); ?>

Read More at: XSS prevention strategies

Prince Patel
5

You can use it in magento-2 like below

value="<?php echo $block->escapeHtml($block->getDefaultValue()) ?>"
Suresh Chikani
0

Another way is to use the method "html_entity_decode" (http://php.net/manual/en/function.html-entity-decode.php) like this:

echo html_entity_decode ( $_helper->productAttribute($_product, $_product->getName(), 'name') )
NoBody
  • According to new Magento 2 Coding standard it is not safe to use PHP function html_entity_decode (https://github.com/magento/magento-coding-standard/blob/a916b11b4760093dfbd17a51752550ef30bf569a/Magento2/Sniffs/Functions/DiscouragedFunctionSniff.php#L164) – Oleksandr Dykyi Aug 26 '19 at 13:24
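
Added example, not part of any answer above and not Magento's own code: a standalone PHP script that renders the `value="..."` field from the question three ways (raw, escaped, escaped and then passed through `html_entity_decode`) and checks what an HTML parser actually reads back. `escapeForAttribute()` and `valueSeenByParser()` are hypothetical helpers built on plain `htmlspecialchars()` and `DOMDocument`; the sample value is constructed, and the script assumes the PHP `dom` extension is available.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an attribute-safe escaper. This is plain PHP,
// not Magento's \Magento\Framework\Escaper implementation.
function escapeForAttribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The field from the question: the value is placed inside value="...".
function renderInput(string $attributeValue): string
{
    return '<input type="text" name="default" value="' . $attributeValue . '">';
}

// Parse the markup and return the value attribute as an HTML parser sees it.
function valueSeenByParser(string $html): ?string
{
    $previous = libxml_use_internal_errors(true); // malformed input is expected
    $dom = new DOMDocument();
    $dom->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $dom->getElementsByTagName('input')->item(0);
    return $input instanceof DOMElement ? $input->getAttribute('value') : null;
}

// Constructed sample: a stored default value with quotes and markup characters.
$stored = 'Tom "T" <b>& co</b>';
$escaped = escapeForAttribute($stored);

$cases = [
    'raw'                  => $stored,
    'escaped'              => $escaped,
    'escaped then decoded' => html_entity_decode($escaped, ENT_QUOTES, 'UTF-8'),
];

foreach ($cases as $label => $attributeValue) {
    $seen = valueSeenByParser(renderInput($attributeValue));
    printf(
        "%-21s parsed value=%s intact=%s\n",
        $label,
        var_export($seen, true),
        $seen === $stored ? 'yes' : 'no'
    );
}
```

Only the escaped case returns the stored string unchanged. In the other two the first double quote closes the attribute and the remainder is parsed as markup.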
0

Since magento/framework 100.2.0 you can call escape methods using the $block variable in template files.

All available escape methods can be found in \Magento\Framework\View\Element\AbstractBlock class.

Roman Snitko