2525
2626/**
2727 * Context specific methods for use in secure output escaping
28- *
29- * @final
3028 */
3129class Escaper
3230{
@@ -51,7 +49,7 @@ class Escaper
5149 * Current encoding for escaping. If not UTF-8, we convert strings from this encoding
5250 * pre-escaping and back to this encoding post-escaping.
5351 *
54- * @var non-empty- string
52+ * @var string
5553 */
5654 protected $ encoding'utf-8 ' ;
5755
@@ -90,7 +88,7 @@ class Escaper
9088 /**
9189 * List of all encoding supported by this class
9290 *
93- * @var list<non-empty-string>
91+ * @var array
9492 */
9593 protected $ supportedEncodings
9694 'iso-8859-1 ' ,
@@ -133,7 +131,6 @@ class Escaper
133131 * Constructor: Single parameter allows setting of global encoding for use by
134132 * the current object.
135133 *
136- * @param non-empty-string|null $encoding
137134 * @throws Exception\InvalidArgumentException
138135 */
139136 public function __construct (?string $ encodingnull )
@@ -162,19 +159,25 @@ public function __construct(?string $encoding = null)
162159 // set matcher callbacks
163160 $ this htmlAttrMatcher =
164161 /** @param array<array-key, string> $matches */
165- fn (array $ matchesstring => $ this htmlAttrMatcher ($ matches
162+ function (array $ matchesstring {
163+ return $ this htmlAttrMatcher ($ matches
164+ };
166165 $ this jsMatcher =
167166 /** @param array<array-key, string> $matches */
168- fn (array $ matchesstring => $ this jsMatcher ($ matches
167+ function (array $ matchesstring {
168+ return $ this jsMatcher ($ matches
169+ };
169170 $ this cssMatcher =
170171 /** @param array<array-key, string> $matches */
171- fn (array $ matchesstring => $ this cssMatcher ($ matches
172+ function (array $ matchesstring {
173+ return $ this cssMatcher ($ matches
174+ };
172175 }
173176
174177 /**
175178 * Return the encoding that all output/input is expected to be encoded in.
176179 *
177- * @return non-empty- string
180+ * @return string
178181 */
179182 public function getEncoding ()
180183 {
@@ -185,7 +188,7 @@ public function getEncoding()
185188 * Escape a string for the HTML Body context where there are very few characters
186189 * of special meaning. Internally this will use htmlspecialchars().
187190 *
188- * @return ($ string is non-empty-string ? non-empty-string : string)
191+ * @return string
189192 */
190193 public function escapeHtml (string $ string
191194 {
@@ -197,7 +200,7 @@ public function escapeHtml(string $string)
197200 * to escape that are not covered by htmlspecialchars() to cover cases where an attribute
198201 * might be unquoted or quoted illegally (e.g. backticks are valid quotes for IE).
199202 *
200- * @return ($ string is non-empty-string ? non-empty-string : string)
203+ * @return string
201204 */
202205 public function escapeHtmlAttr (string $ string
203206 {
@@ -219,7 +222,7 @@ public function escapeHtmlAttr(string $string)
219222 * Backslash escaping is not used as it still leaves the escaped character as-is and so
220223 * is not useful in a HTML context.
221224 *
222- * @return ($ string is non-empty-string ? non-empty-string : string)
225+ * @return string
223226 */
224227 public function escapeJs (string $ string
225228 {
@@ -237,7 +240,7 @@ public function escapeJs(string $string)
237240 * an entire URI - only a subcomponent being inserted. The function is a simple proxy
238241 * to rawurlencode() which now implements RFC 3986 since PHP 5.3 completely.
239242 *
240- * @return ($ string is non-empty-string ? non-empty-string : string)
243+ * @return string
241244 */
242245 public function escapeUrl (string $ string
243246 {
@@ -248,7 +251,7 @@ public function escapeUrl(string $string)
248251 * Escape a string for the CSS context. CSS escaping can be applied to any string being
249252 * inserted into CSS and escapes everything except alphanumerics.
250253 *
251- * @return ($ string is non-empty-string ? non-empty-string : string)
254+ * @return string
252255 */
253256 public function escapeCss (string $ string
254257 {
0 commit comments