Correctly escaping extra fields

8 years 7 months ago #146883 by Nick Wilmot
Correctly escaping extra fields was created by Nick Wilmot
Hello,
Can anyone advise on best practice for escaping extrafields? I'm currently just using the following, which I'm concerned isn't correctly escaped:

<?php echo $extrafields[21]; ?>

Thanks,
Nick

8 years 7 months ago #146888 by Krikor Boghossian
Replied by Krikor Boghossian on topic Correctly escaping extra fields
Hello Nick,

I am not sure I fully understand what you are trying to achieve.
This code will print the extrafield. What do you want to do with the extrafield's content?

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

8 years 7 months ago #146889 by Nick Wilmot
Replied by Nick Wilmot on topic Correctly escaping extra fields
Hello,

I want to ensure that if any malicious script is added to an extrafield, it isn't executed on the front end.

In WP, I'd use esc_html() or wp_kses_post() which prevents <script> from becoming a threat, for example.

Nick

8 years 7 months ago #146908 by Krikor Boghossian
Replied by Krikor Boghossian on topic Correctly escaping extra fields
Since we are talking about HTML/JS/front-end stuff, this function will help you: php.net/manual/en/function.htmlspecialchars.php

JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
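
Added example (not part of the original thread and not JoomlaWorks code): the `echo` from the question wrapped in htmlspecialchars(), with a separate check for a field used as a link target. The `$extrafields` contents are constructed sample values, and the helper names `esc_field()` and `esc_field_url()` are hypothetical.

```php
<?php
// Constructed stand-in for the template array used in the question.
$extrafields = [
    21 => 'Tom & "Jerry" <script>alert(1)</script>',
    22 => 'javascript:alert(1)',
];

/** Escape a value for HTML element content or a quoted attribute value. */
function esc_field($value): string
{
    // ENT_QUOTES escapes both ' and ", so the result is safe inside either
    // quoting style. ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
    // of making htmlspecialchars() return an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return an escaped URL for href/src, or '#' unless the scheme is http(s). */
function esc_field_url($value): string
{
    $url    = trim((string) $value);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

    // htmlspecialchars() alone leaves a javascript: URL intact, so the scheme
    // is checked against an allow-list first. Relative URLs have no scheme
    // and are rejected by this strict version.
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '#';
    }
    return esc_field($url);
}
?>
<!-- Markup in field 21 is rendered as literal text, not executed -->
<p><?php echo esc_field($extrafields[21] ?? ''); ?></p>

<!-- Field 22 is replaced by "#" because its scheme is not http or https -->
<a href="<?php echo esc_field_url($extrafields[22] ?? ''); ?>">Link</a>
```

Escaping turns any markup in the field into visible text; a field that is meant to hold HTML needs an allow-list sanitiser instead, which is the role wp_kses_post() plays in the WordPress comparison above.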
