Topic: Settings html-safe

Settings html-safe

While reading this report:
https://github.com/SimpleMachines/SMF2.1/issues/1548
and thinking about the usual fuss about html allowed in many admin settings, I came up with this:
https://github.com/emanuele45/Dialogo/commit/e9b9d3f2c7b530f6abebf0b23193c7f4c967846d
so that, doing this:
https://github.com/emanuele45/Dialogo/commit/7bb15c97df4b8a8e0d31d1954a52b320e06c6554
is enough to sanitize the input.
The 'mask' parameter can also accept an array of sanitization rules or custom stuff (that means you add your own rules instead of the pre-made ones).

Does it make sense? :P
Bugs creator.
Features destroyer.
Template killer.

Re: Settings html-safe

Reply #1

It adds a lot more flexibility to the function, which is nice! In the long run, a much easier way to deal with those situations.

Re: Settings html-safe

Reply #2

And I'd say that in 1.1 we should apply this to anything in the admin panel...
Yeah, it's a pain, but using html in these fields is not "the right way".