Sanitize outputs
Thank you for your great add-on. But I think you should add h() functions in the generated view.php files to sanitize user inputs.
Example:
Please reconsider this.
Thanks again!
| Type: | Discussion |
|---|---|
| Status: | Resolved |
The only reason is security. Escaping some special characters with the h function will reduce the risks of XSS.
Hi Hissy,
Escaping output for text_box, text_area and email field types will do I assume? The rest of the fields got validation OR needs formatting (like WYSIWYG). Agree?
Kind regards,
Ramon
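As an added illustration of the change Hissy proposes and the field split Ramon suggests, here is what a generated view.php could do with h(). This is example code written for this page, not code from the add-on or from anyone in the thread. It assumes concrete5's h() is htmlspecialchars() with ENT_QUOTES (a stand-in is defined only when the real function is absent, so the file also runs from the command line); the field types come from Ramon's post, while the labels, the sample submission and the render_field() helper are constructed. Plain-text types are escaped on output whatever validation ran on input; the WYSIWYG field is the one case where escaping would destroy intended markup, so it is passed through on the assumption that an HTML filter handled it elsewhere, and any type the view does not recognise is escaped by default.

```php
<?php
// Example view.php fragment (added here, not the add-on's own file).
// Assumption: concrete5's h() wraps htmlspecialchars() with ENT_QUOTES.
// The stand-in is only defined when the framework function is unavailable.
if (!function_exists('h')) {
    function h($input)
    {
        return htmlspecialchars((string) $input, ENT_QUOTES, 'UTF-8');
    }
}

// Field types whose raw text is escaped on output (Ramon's list).
// 'wysiwyg' is deliberately absent: it carries HTML by design, so h() would
// show its tags as literal text; it needs an HTML filter instead.
$escapedTypes = array('text_box', 'text_area', 'email');

// Renders one submitted field as a <dt>/<dd> pair and returns the HTML.
function render_field(array $field, array $escapedTypes)
{
    $label = h($field['label']);
    if (in_array($field['type'], $escapedTypes, true)) {
        // Escaped: <, >, &, " and ' become entities, so the browser shows
        // the submitted text literally instead of parsing it as markup.
        $value = h($field['value']);
    } elseif ($field['type'] === 'wysiwyg') {
        // Passed through: assumed to have been HTML-filtered before storage.
        $value = $field['value'];
    } else {
        // Unknown type: escape by default rather than trust it.
        $value = h($field['value']);
    }
    return "<dt>{$label}</dt><dd>{$value}</dd>";
}

// Constructed sample submission. The text_box value contains characters
// that an unescaped echo would hand to the browser as markup.
$submission = array(
    array('type' => 'text_box',  'label' => 'Name',    'value' => 'Bob <b>Smith</b> & "Co" <script>hi()</script>'),
    array('type' => 'email',     'label' => 'Email',   'value' => 'bob@example.com'),
    array('type' => 'text_area', 'label' => 'Message', 'value' => "It's <i>fine</i>"),
    array('type' => 'wysiwyg',   'label' => 'Body',    'value' => '<p>Already <em>filtered</em> HTML</p>'),
);

echo "<dl>\n";
foreach ($submission as $field) {
    echo render_field($field, $escapedTypes), "\n";
}
echo "</dl>\n";
```

Running it prints the Name row with the angle brackets, ampersand and quotes turned into entities, while the Body row keeps its tags; comparing the two rows is the whole difference between echoing a value and echoing h() of it.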
Yes, I agree with that.
Thanks for your input on this. Can you explain to me what this does and the advantages over just echoing the input without calling this function? I mean, are you having troubles without calling this function? What could go wrong in scenarios? I'm willing to implement this of course, if I have reason to.
Kind regards,
Ramon