Add a new string escape helper function

application/helpers/html_helper.php

@@ -11,6 +11,25 @@
  * @since       v1.4.0
  * ---------------------------------------------------------------------------- */
 
+if ( ! function_exists('e'))
+{
+    /**
+     * HTML escape function for templates.
+     *
+     * Use this helper function to easily escape all the outputted HTML markup.
+     *
+     * Example:
+     *
+     * <?= e($string) ?>
+     *
+     * @param mixed $string Provide anything that can be converted to a string.
+     */
+    function e(mixed $string): string
+    {
+        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
+    }
+}
+
 if ( ! function_exists('component'))
 {
     /**

application/helpers/language_helper.php

@@ -37,6 +37,6 @@ if ( ! function_exists('lang'))
             $result = '<label for="' . $for . '"' . _stringify_attributes($attributes) . '>' . $result . '</label>';
         }
 
-        return $result ?: $line;
+        return e($result ?: $line);
     }
 }

application/views/components/booking_header.php

@@ -11,7 +11,7 @@
         <img src="<?= vars('company_logo') ?: base_url('assets/img/logo.png') ?>" alt="logo" id="company-logo">
 
         <span>
-            <?= $company_name ?>
+            <?= e($company_name) ?>
         </span>
 
         <div class="d-flex justify-content-center justify-content-md-start">