Add Smarty modifier to purify HTML
author Sean Madsen <sean@seanmadsen.com>
Sun, 22 Apr 2018 13:29:03 +0000 (09:29 -0400)
committer Tim Otten <totten@civicrm.org>
Fri, 20 Jul 2018 02:31:07 +0000 (19:31 -0700)
commit ee7affec450b72799dce4a7a9897708c56818832
tree 35c36f1da3bab8a158f87392a476a2b172fbf375
parent 8d417149ea9c78b39365d1f292305e979bf33641
Add Smarty modifier to purify HTML

With this modifier, we can write Smarty code like:

    <div>{$untrustedHTML|purify}</div>

By using the purify modifier, we've protected against XSS, even if the
output variable contains HTML.
CRM/Core/Smarty/plugins/modifier.purify.php [new file with mode: 0644]