Manual:HtmlArmor.php

HtmlArmor is a small utility class for situations where you want to accept a parameter of text that is normally escaped, but in some cases needs to accept raw HTML.

/**
 * @param string|HtmlArmor $text
 * @return string
 */
function fooBar( $text ) {
	$html = HtmlArmor::getHtml( $text );
	return "<stuff>$html</stuff>";
}

In the above example, the $text parameter can either be a to-be-escaped string, or an HtmlArmor object that should remain the same. The HtmlArmor::getHtml() function will take care of the escaping for you, providing you with content you know that is safe HTML.

fooBar( "this will be <b>escaped!</b>" );
// <stuff>this will be &lt;b&gt;escaped!&lt;/b&gt;</stuff>

fooBar( new HtmlArmor( "this will <i>not</i> be <b>escaped!</b>" ) );
// <stuff>this will <i>not</i> be <b>escaped!</b></stuff>"