form_helper - escaping set_value
#1

Hi,
I'm just wondering if it is really necessary to escape textarea content (commit 2c245616a7bc89e842b4f39693751c3d28c034f2)?

This commit just broke my app. Now I can't properly edit xml in textarea.

Best Regards,
Janusz
#2

(This post was last modified: 02-05-2015, 04:05 AM by Avenirer.)

Well... it's a mantra: "Escape input, sanitize output". Seriously though, form_helper is just a helper, you can replace it or extend it.

Also, your "problem" runs deeper, as the set_value() is itself escaped, and not only the input_*() functions.
#3

Thanks for your answer. In my opinion it's a drastic change at this stage of the project, and it looks like the next post is escaping escaped input and so on.

--
janusz
#4

A pull request was accepted so that if you pass a boolean value as the third parameter to set_value(), it will or will not escape HTML tags. But if you use set_value(), you shouldn't use it with input_*(), as those functions escape the values themselves.
#5

Yes, I just saw it. Thanks very much.

regards,
janusz
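The double escaping discussed in posts #2 and #4, as an added example that is not part of the thread and is not CodeIgniter's code: it compares what a browser shows and submits when XML in a textarea is escaped once, twice, or not at all. `demo_set_value()`, `demo_textarea()` and `browser_value()` are hypothetical plain-PHP stand-ins, and the XML is a constructed sample.

```php
<?php
// Added illustration in plain PHP. demo_set_value() and demo_textarea() are
// hypothetical stand-ins, not CodeIgniter's form_helper source.

// Repopulation helper with an escape switch as its last parameter.
function demo_set_value(array $post, string $field, bool $escape = true): string
{
    $value = $post[$field] ?? '';
    return $escape ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

// Form-building helper that always escapes the value it renders.
function demo_textarea(string $name, string $value): string
{
    return '<textarea name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</textarea>';
}

// Approximates the browser: the field ends at the first </textarea>, and
// entities in its content are decoded exactly once before display and submit.
function browser_value(string $html): string
{
    preg_match('~<textarea[^>]*>(.*?)</textarea>~s', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample: XML under edit that itself contains an entity and a
// literal </textarea> inside an element.
$xml  = '<note id="1">a &amp; b<raw></textarea></raw></note>';
$post = ['doc' => $xml];

$cases = [
    // Helper escapes, repopulated value passed through unescaped: one pass.
    'escaped once'  => demo_textarea('doc', demo_set_value($post, 'doc', false)),
    // Both layers escape: the pattern the thread warns about.
    'escaped twice' => demo_textarea('doc', demo_set_value($post, 'doc', true)),
    // No escaping anywhere: hand-written markup with the raw value.
    'not escaped'   => '<textarea name="doc">' . $post['doc'] . '</textarea>',
];

foreach ($cases as $label => $html) {
    $seen = browser_value($html);
    printf("%-14s round-trips: %-3s  user sees: %s\n",
        $label, $seen === $xml ? 'yes' : 'no', $seen);
}
```

Only the single-escape case returns the XML unchanged. The unescaped case both truncates the field at the embedded `</textarea>` and turns `&amp;` into `&`.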