Poll: Improvement for Template Parser Class
Yes! | 11 | 68.75%
No! | 5 | 31.25%
Total | 16 vote(s) | 100%
Template Parser - class expansion

(02-14-2016, 03:57 PM)ivantcholakov Wrote: http://fabien.potencier.org/templating-e...n-php.html - In conclusion, enable output escaping by default.

Just to balance the auto-escape argument out: http://blog.astrumfutura.com/2012/06/aut...pting-xss/

Though I probably shouldn't have posted that since it just will likely bring up more discussion that's likely to subvert the thread. If it does, we'll just split it into its own thread I guess.

The nice thing is, though, no matter which side of the fence you're on (auto-escape or not), you'll be able to do it with CI4. We provide the Zend Escaper (the best one that we know of) so you can manually escape the data. We also have Content Secure Policy baked in (see the above article). And, since you'll be able to use your favorite template engine that does automatic escaping (as well as a number of other goodies), that angle is covered also.

Messages In This Thread |
Template Parser - class expansion - by condor - 02-14-2016, 01:55 PM
RE: Template Parser - class expansion - by ivantcholakov - 02-14-2016, 03:53 PM
RE: Template Parser - class expansion - by ivantcholakov - 02-14-2016, 03:57 PM
RE: Template Parser - class expansion - by kilishan - 02-14-2016, 09:02 PM
RE: Template Parser - class expansion - by kilishan - 02-14-2016, 09:12 PM
RE: Template Parser - class expansion - by ivantcholakov - 02-15-2016, 12:26 AM
RE: Template Parser - class expansion - by sv3tli0 - 02-15-2016, 01:04 AM
RE: Template Parser - class expansion - by prezire - 11-04-2016, 07:46 PM
RE: Template Parser - class expansion - by condor - 02-15-2016, 01:36 AM
RE: Template Parser - class expansion - by ivantcholakov - 02-17-2016, 02:51 PM
RE: Template Parser - class expansion - by ciadmin - 11-04-2016, 09:04 PM