Showing results for tags 'escape'.

Found 2 results

  1. Hi. I am no PHP expert and have mostly done WordPress development during the last many years, so I am more used to the WordPress codebase than anything else. I have learned that it is good practice to escape your output with different WordPress functions, such as esc_attr, esc_url, esc_html etc. There is a list of functions here: https://codex.wordpress.org/Data_Validation Here is an example, taken from this tutorial: http://code.tutsplus.com/tutorials/data-sanitization-and-validation-with-wordpress--wp-25536 <h1> <?php echo esc_html($title); ?> </h1> I am aware that there are some sanitation functions in ProcessWire, but I have not seen any for this kind of output. Nor have I found any articles/posts about this kind of practice for ProcessWire. The $sanitizer seems to be more specifically used for form input data. However, I assume that this is something one should consider in any PHP environment and not only in WordPress? Am I right? I am simply posting this question here, because I am a bit unsure and would love to hear what other PHP developers here think about this and what is best to do in the ProcessWire environment. Looking forward to any feedback or input on this subject.
  2. Hi, I'm trying to build a search function using selectors but when "sanitizing" a string, containing a comma, with Sanitizer::selectorValue it sometimes removes the comma. Here are some test runs (first row is input, second is selectorValue output): 'test' 'test' "test' "test" ,test, ' "test '" ' '' ','test' "'test" guns n' roses, mötley crüe "guns n' roses mötley crüe" ','test "'test" "''" "" , "" test, test2 "test, test2" Also in the documentation for selectorValue it says: does this mean you can't search for all characters (comma)?