JS Utilities

Lightpack’s Js utility provides a safe, expressive way to convert PHP data into JavaScript code for use in your views, scripts, or templates. It ensures proper escaping and supports all variable declaration types.

Overview

• encode(): Safely encode any PHP value (scalar, array, object) as a JavaScript literal or JSON.
• var() / let() / const(): Generate JavaScript variable declarations from PHP data.
• Escaping: All HTML, quotes, and special characters are escaped to prevent XSS and syntax errors.
• Helper function: Use the global js() helper for convenience.

use Lightpack\Utils\Js;

$js = new Js();

Or you can use the js() utility function.

Encode PHP data as JavaScript

encode(mixed $data, bool $asObject = true): string

• Converts any PHP value to a safe JavaScript/JSON representation.
• By default, returns a JSON literal.
• If $asObject is false, returns a JSON.parse(...) string for use in inline scripts.

js()->encode(42); // 42
js()->encode('hello'); // "hello"
js()->encode(['a' => 1, 'b' => 2]); // {"a":1,"b":2}
js()->encode(['foo' => 'bar'], false); // JSON.parse('{...}')

Create JS variable declarations

• var(string $name, mixed $value): string
• let(string $name, mixed $value): string
• const(string $name, mixed $value): string

Creates a JS variable declaration with the specified name and value.

js()->var('user', ['id' => 1]);   // var user = {"id":1};
js()->let('user', ['id' => 1]);   // let user = {"id":1};
js()->const('API_KEY', 'abc');    // const API_KEY = "abc";

Escaping & Safety

• All HTML tags (<, >), ampersands (&), quotes (', "), and special characters are escaped using JSONHEX* flags.
• Prevents XSS and JS syntax errors when embedding PHP data directly into scripts.
• Arrays and objects are encoded as JSON objects.