add html_escape() function to escape HTML.
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 19e659f..11a1537 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -64,6 +64,7 @@
<li>General Changes
<ul>
<li>Callback validation rules can now accept parameters like any other validation rule.</li>
+ <li class="reactor">Added html_escape() to the <a href="general/common_functions.html">Common functions<a> to escape HTML output for preventing XSS easliy.</li>
</ul>
</li>
<li>Helpers
diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
index 2751133..f290521 100644
--- a/user_guide/general/common_functions.html
+++ b/user_guide/general/common_functions.html
@@ -104,6 +104,8 @@
<p>This function prevents inserting null characters between ascii characters, like Java\0script.</p>
+<h2>html_escape(<var>$mixed</var>)</h2>
+<p>This function provides short cut for htmlspecialchars() function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful.</p>
</div>