> protected function getDescription(): ?string { return 'Forgetting to properly escape the strings you get from your users '. 'can lead to serious security holes. Hack can help by forcing you to '. 'escape these strings before using them as strings.'; } protected function getFilenames(): Vector { return Vector { 'UnescapedString.php', 'MySecureRequest.php', }; } protected function getDocs(): Vector<(string, string)> { return Vector{ tuple('Opaque Type Aliasing', 'hack.typealiasing.opaquetypealiasing'), }; } public function getDemoFilename(): string { return 'demo.php'; } public function getDemoResult(): string { return unescaped_string_main(); } public function getDemoXHP(): ?:xhp { $url = '/recipes/unescaped-string/'; return Try setting the myStrParam GET param to something nice and innocent with this button...

GET myStrParam=Hello world

; } }