dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b1af6b) | patch
Make element() escape input like in Xml
authorAryeh Gregor <simetrical@users.mediawiki.org>
Tue, 18 Aug 2009 01:01:47 +0000 (01:01 +0000)
committerAryeh Gregor <simetrical@users.mediawiki.org>
Tue, 18 Aug 2009 01:01:47 +0000 (01:01 +0000)
commit8494a6cdb82cd9838fe6cc31891003a1f34e93bf
treee0230aa35d1b1c5821213b4f62b3591a30339ef9tree | snapshot
parent3b1af6bcfedd3ff392ce601a7b8b28f74d3ee7e4commit | diff
Make element() escape input like in Xml

Added rawElement() to allow unescaped input (like Xml::tags() but
better-named :) ).  This makes sure the easier case is the safer one as
well, and trades a risk of XSS for a risk of double-escaping.  After
discussion in #mediawiki a few days ago.
includes/Html.php diff | blob | history
Wiklou, le Wiki du Wiklou