21 Nov
2010
21 Nov
'10
7:36 p.m.
On 11/21/2010 2:37 AM, Hans Langouche wrote:
I recently did something as simple as this and that seems to work (define it in the _data hook).
class custom_module_handler_field_yours extends views_handler_field { function render($values) { return '<strong>'.$values->yourfield.'</strong>'; } }
If you're not using some kind of filtering, that particular piece of code could be vulnerable to XSS attacks. See http://drupal.org/node/28984 Even if your real code is secure and you were just showing it as an example, others could take the example and miss the security aspect because it's not in the example.