Skip to content

Feature Request: Stub for Escaper #343

New issue
New issue
Open
#346
Open
Feature Request: Stub for Escaper#343
#346
@navarr

Description

@navarr
navarr
opened on Jun 19, 2025

PHP Framework's Escaper class has doctypes that make it difficult to run phpstan on max on PHTML files - chiefly escapeHtml which has a return type of array|string and a param type of string

This causes errors with <?= $escaper->escapeHtml(__('Test String')) ?> which is completely valid Magento code, but a Phrase is not a string and the return type could be an array which you can't echo.

This is the stub file I am currently using:

<?php

namespace Magento\Framework;

use Stringable;

/**
 * @phpstan-type CastableString scalar|Stringable
 */
class Escaper
{
    /**
     * @param CastableString|array<CastableString> $data
     * @param string[]|null $allowedTags
     * @return ($data is array ? string[] : string)
     */
    public function escapeHtml($data, array|null $allowedTags = null): array|string {}

    /**
     * @param CastableString $string
     * @param bool $escapeSingleQuote
     * @return string
     */
    public function escapeHtmlAttr($string, bool $escapeSingleQuote = true): string {}

    /**
     * @param CastableString $string
     * @return string
     */
    public function escapeUrl($string): string {}

    /**
     * @param CastableString $string
     * @return string
     */
    public function encodeUrlParam($string): string {}

    /**
     * @param CastableString $string
     * @return string
     */
    public function escapeJs($string): string {}

    /**
     * @param CastableString $string
     * @return string
     */
    public function escapeCss($string): string {}

    /**
     * @param CastableString[]|CastableString $data
     * @param string $quote
     * @return ($data is array ? string[] : string)
     */
    public function  escapeJsQuote($data, string $quote = '\''): array|string {}

    /**
     * @param CastableString $data
     * @return string
     */
    public function escapeXssInUrl($data): string {}

    /**
     * @param string $data
     * @param bool $addSlashes
     * @return string
     */
    public function escapeQuote(string $data, bool $addSlashes = false): string {}
}

so that phpstan knows intelligently when it's going to return a string versus an array, and so that it accepts types that can be cast to a string instead of only strings - in line with what the Magento code actually is.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions