LaCollision Posted April 29, 2015 Posted April 29, 2015 Hi there, In IPB 3.x, we were used to call: $ipsRegistry->ajax->convertAndMakeSafe() … to clean any potential XSS injection in a request parameter. Do you know what we have to do in IPS4 to achieve the same? Thanks a lot
不中用 Posted April 29, 2015 Posted April 29, 2015 Hi there, In IPB 3.x, we were used to call: $ipsRegistry->ajax->convertAndMakeSafe() … to clean any potential XSS injection in a request parameter. Do you know what we have to do in IPS4 to achieve the same? Thanks a lot . http://community.invisionpower.com/4docs/advanced-usage/development/template-logic-r73/ Variables Variables can be used using normal curly braces: {$foo} To prevent XSS, variables used in this way are automatically escaped. To prevent the escaping, do: {$foo|raw} Be extremely careful when doing this not to introduce XSS vulnerabilities. The escaping is by default performed in a way that entities are not double-encoded. To change it to double-encode do: {$foo|doubleencode} .
LaCollision Posted April 29, 2015 Author Posted April 29, 2015 Hi, Thank you! But I'm not in a template
Recommended Posts
Archived
This topic is now archived and is closed to further replies.