[drupal-devel] theme_box
Hi! I am somewhat surprised that theme_box contains no check_plain() calls. Regards NK
IMO themes should not bother about any security related issue. And if I recall it correctly, phptemplate engine takes care of that, in this case. If you find a place where it does not , you fuond a bug, IMO. Regards, Bèr Op dinsdag 05 juli 2005 09:44, schreef Karoly Negyesi:
Hi!
I am somewhat surprised that theme_box contains no check_plain() calls.
Regards
NK -- [ Bèr Kessels | Drupal services www.webschuur.com ]
On 7/5/05, Karoly Negyesi <karoly@negyesi.net> wrote:
I am somewhat surprised that theme_box contains no check_plain() calls.
Why should it? I thought the purpose of theme_box was to be a multi-purpose container for use by modules. Putting a check_plain in there on the content would make it nearly useless, as it would become impossible to put any HTML tags within the box. If modules are putting plain-text content within boxes, they should run the check_plain themselves.
participants (3)
-
Bèr Kessels -
Karoly Negyesi -
Tom Dobes