Smarty and escaping user input (for lazy guys)
Submitted by Victor Smirnov on Fri, 2008/03/14 - 3:30pm.
Tags:
Smarty gives us a simple way to escape “dirty” variables when they come to template processing. With escape variable modifier you can make “dirty” things look smart. You can escape or even remove html tags and special characters.
Variable in a Smarty template without escaping {$articleTitle}
and with escaping {$articleTitle|escape:'html'}But if you are lazy like me you might wonder what the need to write “escape:’html’” again and again for all variables. Good new is that we can make Smarty do it by default by setting $default_modifiers field for Smarty object. For lazy guys here is sample
$smarty->default_modifiers = array('escape:"html"');We can turn off this “defaul” behaviour for selected variables with
{$var|smarty:nodefaults}Be Smarty and good luck! :)
- Login or register to post comments
- 402 reads
- Printer-friendly version
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)
