The Zend Framework blog has continued their series spotlighting individual components of the framework and putting them to use outside of a ZF-based application. In the latest post they show how to use zend-escaper to handle context-specific escaping.
As the mantra goes, filter input, and escape output.
They start with some of the main issues around escaping output in PHP (and some of the inconsistencies) and what zend-escaper can to to help. The tutorial then shows how to pull the component into your current application via Composer and set up a new
Escaper instance. It briefly covers the built-in escaping methods and then provides some more real-world examples of how it can be used to protect your application.