Preferred method of outputting strings into forms

Hi

Is there a preferred method of outputting strings into forms?

I have found the text helper, but none of its functions will stop something like this from breaking a form's output:

"<script>alert("a")</script>


It strips the tags, but leaves in the first double quote, which breaks value="" within an input.

Thanks

yolk
 
synlag replied:
Hi,

what about:

$th = Loader::helper('text');
$text = $th->entities($text);


Greets
yolk replied:
That won't fix the single or double quote issue?
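
An added example (not part of the thread and not concrete5's own code) comparing tag stripping with attribute-context escaping using PHP's built-in `htmlspecialchars()` and `ENT_QUOTES`, then parsing the result to check that the `value` attribute round-trips. The function names and the second sample string are assumptions made for illustration.

```php
<?php
// Added example: escaping a value for an HTML attribute context.

function input_stripped(string $name, string $value): string
{
    // Tag stripping only: quotes survive and can terminate value="...".
    return '<input type="text" name="' . $name . '" value="' . strip_tags($value) . '">';
}

function input_escaped(string $name, string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

function parsed_value(string $html): ?string
{
    // Parse the markup as an HTML parser would and read back the value attribute.
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

$samples = [
    '"<script>alert("a")</script>',  // string from the question
    "it's a 'quoted' value",          // constructed sample
];

foreach ($samples as $s) {
    $variants = [
        'stripped' => input_stripped('title', $s),
        'escaped'  => input_escaped('title', $s),
    ];
    foreach ($variants as $label => $html) {
        $status = parsed_value($html) === $s ? 'value preserved' : 'value altered';
        printf("%-8s %s\n         -> %s\n", $label, $html, $status);
    }
}
```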
