OneThird CMS

Lightweight CMS for Small website, Web application framework.

Download Document


XSS (cross-site scripting) measures, safe_echo

That in making php programs on security troublesome is the XSS (cross-site scripting) measures

All character columns to display, you must escape the control characters of HTML

However, this escape processing is easy to forget even if we know

why? That is because I do not know where to put the escape

It does not and does not check that can be escaped successfully back in the variable to be displayed

In onethird cms, you can avoid this forgotten by escaped with a location to be displayed

For example, if you set the value of the input tag

<input type='text' value='{$ut->safe_echo($foo)}' />

By writing and, you can reliably perform escape processing

Please use all means

It should be noted, has been heavily involved in the design concept of this idea details on how onethird cms

"You had better go as close as possible to the declaration and implementation"

This is considered how introduced when the language has evolved to C ++ from C

Old days of C, the variable declaration is now an error do not declare at the beginning of the function

C ++ is now a good be declared at any location of the function specification

Big reason is, variable mistakes is better that you declared in the vicinity of processing good Shonari usability to use

Is from the fact that

OneThird CMS also has the foundation of the design have focused on this idea how

I think that there is a part that I see and look at the source in such idea

By all means your reference!

Google Website Translator - Google Translate