When writing PHP programs, one of the troublesome parts of security is the countermeasures against XSS (cross-site scripting).
Every string you display must have its HTML control characters escaped.
However, this escaping is easy to forget even when you know about it.
Why? Because it is not clear where the escaping should be placed.
You have to trace the variable being displayed back through the code to check that it was escaped properly.
In OneThird CMS, you can avoid forgetting it by escaping at the place where the value is displayed.
For example, suppose you set the value of an input tag:
<input type='text' value='{$ut->safe_echo($foo)}' />
Writing it this way ensures that the escaping is reliably performed.
Please do make use of it.
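
An added illustration of escaping at the point of output (not OneThird CMS's own code): `DemoUtil` and `parsed_value` are hypothetical names, `safe_echo` here is a stand-in built on PHP's `htmlspecialchars`, and the input string is constructed. It renders the same value three ways and parses each result to see what the `value` attribute ends up holding.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the $ut helper object; not OneThird CMS's code.
final class DemoUtil
{
    // Escape for HTML text and quoted attribute values.
    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags
    // left single quotes unescaped, which matters for value='...'.
    public function safe_echo(?string $value): string
    {
        return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical check: parse the markup and return what the first
// <input> actually carries in its value attribute.
function parsed_value(string $html): string
{
    libxml_use_internal_errors(true);   // broken markup is expected below
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input instanceof DOMElement ? $input->getAttribute('value') : '';
}

$ut  = new DemoUtil();
$foo = "Tom's <b>note</b> & \"memo\"";   // constructed sample input

// Escaped far from the output: correct, but the template line alone
// does not show a reviewer that it is.
$escaped_elsewhere = $ut->safe_echo($foo);
$early = "<input type='text' value='{$escaped_elsewhere}' />";

// Escaped where it is displayed, as in the article's example.
$late = "<input type='text' value='{$ut->safe_echo($foo)}' />";

// Escape forgotten: the single quote in $foo closes the attribute early.
$raw = "<input type='text' value='{$foo}' />";

foreach (['early' => $early, 'late' => $late, 'raw' => $raw] as $label => $html) {
    $same = parsed_value($html) === $foo ? 'value intact' : 'value altered';
    echo "{$label}: {$same}\n{$html}\n";
}
```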
Note that this idea is deeply tied to the design concept of OneThird CMS:
"Keep declaration and implementation as close together as possible."
This way of thinking was introduced when the language evolved from C to C++.
In the old days of C, it was an error not to declare variables at the beginning of the function.
In C++, the specification was changed so that variables may be declared anywhere in the function.
The main reason is that declaring a variable close to the code that uses it reduces mistakes and makes it easier to use.
OneThird CMS also places this way of thinking at the foundation of its design.
I think some parts of the source will make more sense if you read it with this idea in mind.
Please use it as a reference!