form_helper - escapipng set_value |
Hi,
I'm just wondering if it is really necessary to escape textarea content commit 2c245616a7bc89e842b4f39693751c3d28c034f2 This commit just broke my app. Now I can't properly edit xml in textarea. Best Regards, Janusz
Well... it's a mantra: "Escape input, sanitize output". Seriously though, form_helper is just a helper, you can replace it or extend it.
Also, your "problem" runs deeper, as the set_value() is itself escaped, and not only the input_*() functions. Website: http://avenir.ro
Thanks for your answer. In my opinion it's a drastic change in this project stage
and it looks like next post is escaping escaped input and so on. -- janusz
A pull request was accepted so that if you pass a boolean value as third parameter to set_value() it will or not escape html tags. But if you use set_value() you shouldn't use it with input_*() as those functions are escaping themselves the values.
Website: http://avenir.ro
|
Welcome Guest, Not a member yet? Register Sign In |