Jump to content

How to make a request parameter safe in IPS4?


LaCollision

Recommended Posts

Hi there,

In IPB 3.x, we were used to call:

$ipsRegistry->ajax->convertAndMakeSafe()

… to clean any potential XSS injection in a request parameter.

Do you know what we have to do in IPS4 to achieve the same?

Thanks a lot :) 

​.

 

http://community.invisionpower.com/4docs/advanced-usage/development/template-logic-r73/

 

Variables

Variables can be used using normal curly braces:

{$foo}

To prevent XSS, variables used in this way are automatically escaped. To prevent the escaping, do:

{$foo|raw}

Be extremely careful when doing this not to introduce XSS vulnerabilities.

The escaping is by default performed in a way that entities are not double-encoded. To change it to double-encode do:

{$foo|doubleencode}

 

 

 

.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...