| Age | Commit message | Author |
we're not relying on overriding url::site() to do tricks around item
URLs. This means that you won't get item URLs by doing
url::site("albums/37"), for example, but it also means that we won't
get pretty URLs where we don't expect them (like in the action of a
<form> element).
Incidentally, this will help us move over to using the slug format
because if you've got a bad character in a URL, the edit forms will
now work on it since they'll be id-based.
instead of SafeString directly.
SafeString::purify().
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
This reverts commit 31969a1d8211187e415eac51d155b4efded365f3.
item::description. In addition, add p::clean or p::purify to places that
XSS cleaning had missed (i.e. RSS feeds).
approach using html::specialchars and purify uses HTMLPurifier to intelligently
cleanse the output fields. Use purifier for text and title fields where it is
likely that a user would enter HTML to format their data.
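The two output strategies these commits describe (escape everything, as html::specialchars does, or run user-authored text through an HTML allow-list purifier) and the SafeString wrapper that lets t()/t2() take unescaped arguments can be sketched as follows. This is an added illustration, not Gallery3 code: SafeString, clean(), purify() and t() here are stand-ins for the project's SafeString, p::clean(), p::purify() and t(), the sanitizer is a small standard-library re-creation of the allow-list idea rather than HTMLPurifier, the allowed tag/attribute policy and the %name placeholder syntax are assumptions made for the example, and the sample comment is constructed.

```python
import html
from html.parser import HTMLParser

# Allow-list policy for the purifier (constructed for this example; HTMLPurifier
# ships its own, far more complete, default policy).
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_HREF_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}
# For these elements the text content is dropped too, not just the tags,
# so "<script>alert(1)</script>" does not leak "alert(1)" into the page.
DROP_CONTENT_TAGS = {"script", "style"}


class SafeString(str):
    """Marker type: the text is already safe to emit as HTML.

    Output helpers return it and accept it unchanged, which is what makes
    clean(clean(x)) == clean(x) and lets purified HTML pass through t()."""


def clean(value):
    """Escape everything (the html::specialchars approach): no markup survives."""
    if isinstance(value, SafeString):
        return value
    return SafeString(html.escape(str(value), quote=True))


class _AllowListSanitizer(HTMLParser):
    """Rebuilds the fragment from an allow-list: unknown tags and attributes are
    dropped, href values are restricted to known schemes, text is re-escaped,
    and every emitted tag is closed so the output is well-formed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue  # onerror=, onclick=, style=, ... never get through
            if name == "href" and not value.strip().lower().startswith(ALLOWED_HREF_SCHEMES):
                continue  # javascript:, data:, vbscript: ... are dropped
            parts.append('%s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<" + " ".join(parts) + ">")
        if tag not in VOID_TAGS:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open:
            return
        # Close back down to the matching element so nesting stays valid even
        # when the input closed its tags out of order.
        while self.open:
            closing = self.open.pop()
            self.out.append("</%s>" % closing)
            if closing == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    def result(self):
        self.close()  # flush buffered text
        while self.open:  # close anything the input left open
            self.out.append("</%s>" % self.open.pop())
        return "".join(self.out)


def purify(value):
    """Keep harmless formatting, strip everything else (the HTMLPurifier approach)."""
    if isinstance(value, SafeString):
        return value
    parser = _AllowListSanitizer()
    parser.feed(str(value))
    return SafeString(parser.result())


def t(message, **args):
    """Translate-and-interpolate: each %name argument is escaped on the way in
    unless it is already a SafeString, so callers never need to pre-clean it."""
    out = message
    for name, value in args.items():
        out = out.replace("%" + name, clean(value))
    return SafeString(out)


if __name__ == "__main__":
    # Constructed sample of a user comment carrying formatting plus two XSS attempts.
    comment = '<b>Nice</b> <img src=x onerror=alert(1)><a href="javascript:alert(1)">pic</a>'
    print(clean(comment))   # shown as literal text, all markup visible
    print(purify(comment))  # <b>Nice</b> <a>pic</a>
    print(t("Edit %title", title="<script>x</script>"))
```

clean() belongs wherever plain text is expected (usernames, file names, feed items); purify() only on title/description-style fields where users legitimately format with HTML. In production use a maintained purifier (HTMLPurifier in PHP) rather than a sketch like this one: a real policy also has to handle CSS, URI normalisation and character-encoding corner cases that are ignored here.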
user/group buttons and search form on search results page.
item and comment data. Whew!
It's not pretty yet. And you have to manually update the index
currently in admin/maintenance. But it works.