html_escape on set_value
#4

royduin
Thanks, but as you can see the input is for a name, but if somebody doesn't fill in his name but:
Code:
"><h1>It works!</h1>
It "breaks" the code and the H1 is visible when the form validation in the controller fails! So set_value doesn't escape things like the html_escape function does.

So my question is how people fix this or what's the best practice?

