9 Aug
2006
9 Aug
'06
4:54 p.m.
Umm. the entire idea is that they haven't been sanitised.
these are the fields that will be saved to the database. They are not for displaying.
For example, if you export a custom block, you want to export the php that you entered, not the value the php generates.
i haven't really thought this through, but my concern is that some user submits a node with the text db_query("DELETE * FROM users"). then you do a var_export() and then you do an include() in the import script. i am worried that this import will unknowingly cause damage.