[Xerte-dev] Re: Html escaping??
David Goodwin
david at palepurple.co.uk
Mon Sep 24 15:15:09 BST 2012
rss.php contains a function called _html_escape(…) which should be sufficient for the job.
David.
On 24 Sep 2012, at 15:12, Pat Lockley wrote:
> won't that mess with the URL though?
>
> On Mon, Sep 24, 2012 at 3:08 PM, Tom Reijnders <reijnders at tor.nl> wrote:
>> This morning I had a nasty issue in the export module of Xerte Online
>> Toolkits.
>>
>> Someone had used the 'Link and icon' of bleedingImage, and the link
>> contained an '&' sign.
>>
>> The export code can't handle this at the moment (SimpleXML.load can't read
>> the resulting .xml) because the '&' is not escaped as '&';
>>
>> Are there other places where we do escape input texts? Where? What is the
>> best plave to fix this (in xot or in the wizard)?
>>
>> Tom
>>
Pale Purple Ltd. (Company No: 5580814)
'Business Web Application Development and Training in PHP'
http://www.palepurple.co.uk
Office: 0845 0046746 Mobile: 07792380669
Follow us on Twitter: @PalePurpleLtd
More information about the Xerte-dev
mailing list