Blocks:auto escape

From Dwoo Docs

Jump to: navigation, search

Overrides the compiler auto-escape setting within the block

auto_escape(mixed $enabled)

enabled : if set to "on", "enable", true or 1 then the compiler autoescaping is enabled inside this block. set to "off", "disable", false or 0 to disable it

Example:

{$user="<a href=\"javascript:jsAttack()\">EvilTroll</a>"}
{$user} {* => no escaping, if you didn't filter your data in your php code, this is potentially harmful user input *}
 
{auto_escape on}
{$user} {* here any injected html is escaped so it's safe *}
{/auto_escape}

Output:

<a href="javascript:jsAttack()">EvilTroll</a> => interpreted as HTML by the browser
&lt;a href="javascript:jsAttack()"&gt;EvilTroll&lt;/a&gt; => interpreted as text by the browser

Retrieved from "http://wiki.dwoo.org/index.php/Blocks:auto_escape"

Views

Personal tools

Log in / create account

Search

Toolbox

page language

French

The article you want to access doesn't exist in French.