Add a new string escape helper function

application/helpers/html_helper.php

@@ -11,6 +11,25 @@
  * @since       v1.4.0
  * ---------------------------------------------------------------------------- */
 
+if ( ! function_exists('e'))
+{
+    /**
+     * HTML escape function for templates.
+     *
+     * Use this helper function to easily escape all the outputted HTML markup.
+     *
+     * Example:
+     *
+     * <?= e($string) ?>
+     *
+     * @param mixed $string Provide anything that can be converted to a string.
+     */
+    function e(mixed $string): string
+    {
+        return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
+    }
+}
+
 if ( ! function_exists('component'))
 {
     /**

application/helpers/language_helper.php

@@ -37,6 +37,6 @@ if ( ! function_exists('lang'))
             $result = '<label for="' . $for . '"' . _stringify_attributes($attributes) . '>' . $result . '</label>';
         }
 
-        return $result ?: $line;
+        return e($result ?: $line);
     }
 }

application/views/components/booking_header.php

@@ -1,7 +1,7 @@
 <?php
 /**
  * Local variables.
- * 
+ *
  * @var string $company_name
  */
 ?>
@@ -9,11 +9,11 @@
 <div id="header">
     <div id="company-name">
         <img src="<?= vars('company_logo') ?: base_url('assets/img/logo.png') ?>" alt="logo" id="company-logo">
-        
+
         <span>
-            <?= $company_name ?>
+            <?= e($company_name) ?>
         </span>
-        
+
         <div class="d-flex justify-content-center justify-content-md-start">
             <span class="display-selected-service me-1 pe-1 border-end invisible">
                 <?= lang('service') ?>