Add Smarty modifier to purify HTML
author Sean Madsen <sean@seanmadsen.com>
Sun, 22 Apr 2018 13:29:03 +0000 (09:29 -0400)
committer Tim Otten <totten@civicrm.org>
Wed, 18 Jul 2018 20:51:54 +0000 (13:51 -0700)
commit 0abfeb23d8fc1915d921e1efadf0b54702be8e55
tree 4fd14542d694ac39612164656c104c9c2196a626
parent d1134220ff7fc1ce3227c7c17c568be1f229307c
Add Smarty modifier to purify HTML

With this modifier, we can write Smarty code like:

    <div>{$untrustedHTML|purify}</div>

By using the purify modifier, we've protected against XSS, even if the
output variable contains HTML.
CRM/Core/Smarty/plugins/modifier.purify.php [new file with mode: 0644]
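
A sketch of how a Smarty modifier of this kind can be written, and how purifying differs from plain escaping. This is an added example, not the contents of the file introduced by this commit. It assumes the HTML Purifier library (ezyang/htmlpurifier) is installed through Composer; the autoload path and the sample input are constructed for illustration.

```php
<?php
// Added illustration; not the project's modifier.purify.php.
// Assumption: HTML Purifier (ezyang/htmlpurifier) is available via Composer autoload.
require_once __DIR__ . '/vendor/autoload.php';

/**
 * Smarty modifier plugin, used in templates as {$untrustedHTML|purify}.
 * Smarty maps the modifier name "purify" to smarty_modifier_purify().
 */
function smarty_modifier_purify($text) {
  static $purifier = NULL;
  if ($purifier === NULL) {
    $config = HTMLPurifier_Config::createDefault();
    // Disable the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', NULL);
    // Build the purifier once and reuse it for every call in the request.
    $purifier = new HTMLPurifier($config);
  }
  return $purifier->purify((string) $text);
}

// Constructed sample input: harmless formatting mixed with script-bearing markup.
$untrustedHTML = '<p>Hello <b>world</b></p>'
  . '<script>alert(1)</script>'
  . '<img src="x.png" onerror="alert(2)" alt="logo">'
  . '<a href="javascript:alert(3)">link</a>';

// Purifying keeps allowed formatting and drops script elements,
// event-handler attributes and javascript: URLs.
echo smarty_modifier_purify($untrustedHTML), "\n";

// Escaping neutralises all markup, so the HTML is shown as literal text
// instead of being rendered.
echo htmlspecialchars($untrustedHTML, ENT_QUOTES, 'UTF-8'), "\n";
```

Use purification only where the variable is meant to carry HTML; for plain-text values, escaping remains the right output encoding.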