LaCollision Posted April 29, 2015 Share Posted April 29, 2015 Hi there, In IPB 3.x, we were used to call: $ipsRegistry->ajax->convertAndMakeSafe() … to clean any potential XSS injection in a request parameter. Do you know what we have to do in IPS4 to achieve the same? Thanks a lot Link to comment Share on other sites More sharing options...
不中用 Posted April 29, 2015 Share Posted April 29, 2015 Hi there, In IPB 3.x, we were used to call: $ipsRegistry->ajax->convertAndMakeSafe() … to clean any potential XSS injection in a request parameter. Do you know what we have to do in IPS4 to achieve the same? Thanks a lot . http://community.invisionpower.com/4docs/advanced-usage/development/template-logic-r73/ Variables Variables can be used using normal curly braces: {$foo} To prevent XSS, variables used in this way are automatically escaped. To prevent the escaping, do: {$foo|raw} Be extremely careful when doing this not to introduce XSS vulnerabilities. The escaping is by default performed in a way that entities are not double-encoded. To change it to double-encode do: {$foo|doubleencode} . Link to comment Share on other sites More sharing options...
LaCollision Posted April 29, 2015 Author Share Posted April 29, 2015 Hi, Thank you! But I'm not in a template Link to comment Share on other sites More sharing options...
LaCollision Posted May 1, 2015 Author Share Posted May 1, 2015 Anyone? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.