REDCap Developer Tools:
Documentation for Plugins, Hooks, & External Modules

REDCap Version 14.9.1
REDCap::escapeHtml
(REDCap >= 5.11.0)
REDCap::escapeHtml — Escapes a string of text or HTML for outputting to a webpage
Description
string REDCap::escapeHtml ( string $string )
Escapes a string of text or HTML for outputting to a webpage. If the text being printed to the page is user input (i.e., was originally generated by a user), then it is highly recommended to escape it to prevent any possibility of Cross-site Scripting (XSS).
Parameters
string
Text string to be escaped.
Return Values
Returns the escaped string.
Examples
Example #1:
This example shows how to print a string of text on a webpage literally so that any HTML tags inside the text do not get interpreted. The output of the example below should be the following:

Here's my <b>bold</b> text. Attempt to perform cross-site scripting with <script>alert('XSS successful!')</script>

// Set the text value
$text = "Here's my <b>bold</b> text. Attempt to perform cross-site scripting
         with <script>alert('XSS successful!')</script>";

// Escape the text and output it to the webpage, which should display the string *exactly*
// as you see $text displayed above. If the string were not escaped, the word "bold" would
// appear in bold on the page, and it would cause a JavaScript pop-up saying "XSS successful!".
print REDCap::escapeHtml($text);
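
The recommendation in the Description, applied to a table of user-entered values and checked with an HTML parser; this is an added example, not part of the REDCap documentation. The field names and sample records are constructed, and the stand-in class (used only when REDCap is not loaded) is an assumption about the method's behaviour, not REDCap's implementation.

```php
<?php
// Stand-in so this file also runs outside REDCap. ASSUMPTION: htmlspecialchars() with
// ENT_QUOTES approximates REDCap::escapeHtml; it is not REDCap's own implementation.
if (!class_exists('REDCap')) {
    class REDCap {
        public static function escapeHtml($string) {
            return htmlspecialchars((string) $string, ENT_QUOTES, 'UTF-8');
        }
    }
}

// Constructed sample of user-entered data; the field names are hypothetical.
$records = [
    ['record_id' => '1', 'comment' => "Here's my <b>bold</b> text."],
    ['record_id' => '2', 'comment' => "<script>alert('XSS successful!')</script>"],
    ['record_id' => '3', 'comment' => 'Weight < 50 kg & height > 150 cm'],
];

// Build table rows, passing every cell value through $escape before it reaches the markup.
function renderRows(array $records, callable $escape): string {
    $html = '';
    foreach ($records as $row) {
        $html .= '<tr><td>' . $escape($row['record_id']) . '</td><td>'
               . $escape($row['comment']) . "</td></tr>\n";
    }
    return "<table>\n" . $html . "</table>\n";
}

// Parse the rendered markup with an HTML parser and count elements of one tag name.
function countElements(string $html, string $tag): int {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // keep parser warnings out of the page output
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName($tag)->length;
}

$unsafe = renderRows($records, function ($v) { return $v; });   // the "before": no escaping
$safe   = renderRows($records, ['REDCap', 'escapeHtml']);       // every value escaped

// Check: user data must contribute no elements of its own to the page.
foreach (['script', 'b'] as $tag) {
    printf("<%s> elements: unescaped=%d escaped=%d\n", $tag,
        countElements($unsafe, $tag), countElements($safe, $tag));
}
print $safe;
```

The same parser check can serve as a regression test for any plugin or hook page that prints stored field values.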
REDCap 14.9.1 - © 2024 Vanderbilt University