How to make a request parameter safe in IPS4?

LaCollision · April 29, 2015

Hi there,

In IPB 3.x, we were used to call:

$ipsRegistry->ajax->convertAndMakeSafe()

… to clean any potential XSS injection in a request parameter.

Do you know what we have to do in IPS4 to achieve the same?

Thanks a lot

不中用 · April 29, 2015

Hi there,

In IPB 3.x, we were used to call:
$ipsRegistry->ajax->convertAndMakeSafe()
… to clean any potential XSS injection in a request parameter.

Do you know what we have to do in IPS4 to achieve the same?

Thanks a lot

.

http://community.invisionpower.com/4docs/advanced-usage/development/template-logic-r73/

Variables

Variables can be used using normal curly braces:
{$foo}
To prevent XSS, variables used in this way are automatically escaped. To prevent the escaping, do:
{$foo|raw}
Be extremely careful when doing this not to introduce XSS vulnerabilities.

The escaping is by default performed in a way that entities are not double-encoded. To change it to double-encode do:
{$foo|doubleencode}

.

LaCollision · April 29, 2015

Hi,

Thank you!

But I'm not in a template

LaCollision · May 1, 2015

Anyone?

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

How to make a request parameter safe in IPS4?

Recommended Posts

LaCollision

不中用

LaCollision

LaCollision

Archived

Recently Browsing 0 members

More