#### View security
```
public function actionTest()
{
    // Markup placed in view data; the view below echoes it without escaping.
    $data['msg'] = '<script>alert("hello")</script>>';
    return $this->renderPartial('index', $data);
}
```
```
<?= $msg; ?>
```
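Result: an alert dialog pops up, because the view outputs `$msg` without escaping it.

Used as follows, the string is escaped before it is output: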
```
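<?php
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

// Html::encode() escapes HTML special characters, so the markup is shown as text.
// HtmlPurifier::process() removes the script markup entirely rather than escaping it.
?>
<?= Html::encode($msg); ?>
<?= HtmlPurifier::process($msg); ?>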
```
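The two helpers suit different kinds of field. The script below is an added example, not code from the original page: it uses `Html::encode()` for a plain-text field and `HtmlPurifier::process()` with a tag allow-list for a rich-text field. It assumes Yii2 is installed with Composer under `./vendor`; the `renderComment()` helper, the application id and the sample strings are hypothetical.

```php
<?php
// Added example. Assumed layout: run from a project root where Composer
// has installed yiisoft/yii2 into ./vendor.
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';

use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

// HtmlPurifier caches its definitions under the application's runtime path,
// so create a minimal application before calling it.
new yii\console\Application([
    'id' => 'view-escape-demo',          // hypothetical id
    'basePath' => __DIR__,
    'runtimePath' => sys_get_temp_dir(), // writable cache location
]);

/**
 * Hypothetical helper: builds the HTML for one user comment.
 */
function renderComment(string $author, string $body): string
{
    // Plain-text field: encode it. Quotes are encoded as well, so the same
    // value can be placed inside a quoted attribute.
    $name = Html::encode($author);

    // Rich-text field: keep only an allow-list of tags; everything else,
    // including script elements, is dropped by the purifier.
    $safeBody = HtmlPurifier::process($body, ['HTML.Allowed' => 'p,b,i']);

    return "<div class=\"comment\" title=\"$name\"><h5>$name</h5>$safeBody</div>";
}

// Constructed sample input, reusing the payload from the action above.
$payload = '<script>alert("hello")</script>>';
$html = renderComment('Tom "T" <admin>', '<p>Hello <b>world</b></p>' . $payload);
echo $html, PHP_EOL;

// Neither field may leave a script element in the rendered output.
if (stripos($html, '<script') !== false) {
    fwrite(STDERR, "unescaped script tag in output\n");
    exit(1);
}
```

Use `Html::encode()` by default; reach for `HtmlPurifier::process()` only where users are meant to submit formatted HTML, since purifying is much slower than encoding.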

