In the file settings.yml, I had two .settings: in my all configuration

On 27 jan, 11:02, smellycat37 <[email protected]> wrote:
> hello,
>
> I use symfony 1.2.9 with doctrine...
> I would like to escape all the special html character that user can
> put in form html...
> So I add in the section ".all .settings" of my settings.yml file the
> following lines:
> escaping_strategy: both
> escaping_method: ESC_ENTITIES
>
> With a form, I save an object annonce contained a description field
> <script>alert('hello')</script>
> I display $announce->getDescription() but the javascript is
> executed...
> When I check the source code I've got <script type="text/
> javascript">alert('bonjour')</script> and not ><script>alert
> ('hello')</script>
>
> thanks for your help
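A check for the situation the reply describes, a key such as `.settings` appearing twice in the same section of settings.yml, added here as an example and not part of the original thread or of symfony. The function name `find_duplicate_keys` and the sample file are constructed for illustration, and the scanner assumes plain indentation-based block mappings, which is how settings.yml is normally written.

```python
import re

# Constructed sample: two ".settings" keys under "all:", as in the reply.
SAMPLE = """\
all:
  .settings:
    escaping_strategy: both
    escaping_method: ESC_ENTITIES
  .actions:
    error_404_module: default
  .settings:
    charset: utf-8
"""

# A mapping key: optional indent, key text, then ':' followed by space or EOL.
KEY_RE = re.compile(r"^(\s*)([^\s#:][^:]*?)\s*:(\s|$)")


def find_duplicate_keys(text):
    """Return (path, first_line, duplicate_line) for keys repeated in one mapping."""
    duplicates = []
    root_seen = {}
    stack = []  # (indent, key, keys already seen among this key's children)
    for lineno, line in enumerate(text.splitlines(), 1):
        match = KEY_RE.match(line)
        if not match:
            continue  # comments, blank lines, continuation lines
        indent, key = len(match.group(1)), match.group(2)
        # Leave every mapping that is at the same depth or deeper.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        seen = stack[-1][2] if stack else root_seen
        path = "/".join([k for _, k, _ in stack] + [key])
        if key in seen:
            duplicates.append((path, seen[key], lineno))
        else:
            seen[key] = lineno
        stack.append((indent, key, {}))
    return duplicates


if __name__ == "__main__":
    for path, first, dup in find_duplicate_keys(SAMPLE):
        print(f"{path}: defined on line {first} and again on line {dup}")
```

Run against a real settings.yml, any reported path points at a section whose settings may not all be taken into account, including `escaping_strategy` and `escaping_method`.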
