On 09-01-2009 at 00:47:29 Iván -DrSlump- Montes wrote:
As for people being able to inject JS code, I guess they mean that a
commenter can put JS in a comment. However, in that case, the
responsability for cleaning any XSS or any other form of script injection is the "input
filter" which has
On Fri, Jan 9, 2009 at 11:35 AM, Kornel Lesiński wrote:
>
> I disagree. There's nothing wrong with allowing someone to write comment
> like alert('xss'). I just did that! I hope your e-mail
> client didn't execute the code, and didn't remove it either.
> That's why automatic escaping in PHPTAL is
On 08-01-2009 at 21:47:29 Trent Moyer wrote:
... HTML Code ...
The intent is to make every other row have a class="alt".
This is my code for the modifier:
function phptal_tales_alt( $src, $nothrow )
{
$src = trim($src);
return '( '.phptal_tales($src, $nothrow)." ? 'alt' : null )"