[development] Video module getting ready for 4.7 release: need help debugging
Dries Buytaert
dries.buytaert at gmail.com
Mon Jun 19 05:26:57 UTC 2006
On 19 Jun 2006, at 01:42, Steven Wittens wrote:
>>> t('play %link', array('%link' => $node->title))
>>
>> this is used as title attribute for a link... maybe check_plain()
>> should be used instead of theme('placeholder') as suggested.
>
> Neither check_plain() nor theme('placeholder') are necessary or even
> make sense here. Title attributes cannot contain HTML, so their
> content is passed as plain-text to l(). The attribute content is
> escaped right before outputting in drupal_attributes().
Yes, I picked the wrong example. There are still dozens of other
security bugs in the video module though.
drupal_set_title(t('Playing') . ' ' . $node->title);
--
Dries Buytaert :: http://www.buytaert.net/
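
An added example, not part of the original message and not Drupal's own code, contrasting the two output contexts discussed in this thread: an attribute value that is escaped when the attributes are written out, and a page title built by concatenating `$node->title`. The `example_*` functions are stand-ins written for this illustration, and the title setter printing its argument as HTML without escaping is an assumption of the example.

```php
<?php
// Stand-ins written for this example; they model the behaviour described
// in the thread and are not Drupal's source.

// Model of check_plain(): encode text for use in HTML.
function example_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Model of drupal_attributes(): values are escaped here, at output time,
// so callers pass plain text.
function example_attributes(array $attributes) {
  $out = '';
  foreach ($attributes as $name => $value) {
    $out .= ' ' . $name . '="' . example_check_plain($value) . '"';
  }
  return $out;
}

// Model of a page-title setter that treats its argument as HTML and
// prints it as-is (assumed behaviour for this example).
function example_render_title($html) {
  return '<h1>' . $html . '</h1>';
}

// Constructed sample: a node title supplied by a user.
$title = 'Demo <script>alert(1)</script>';

// Attribute context: plain text in, escaped once on output.
echo '<a href="/node/1"'
  . example_attributes(array('title' => 'play ' . $title)) . ">play</a>\n";

// Escaping before the attribute builder encodes twice:
// "Tom & Jerry" is emitted as "Tom &amp;amp; Jerry".
echo '<a href="/node/2"'
  . example_attributes(array('title' => example_check_plain('Tom & Jerry')))
  . ">play</a>\n";

// Title context, same shape as the line quoted in the message:
// the markup in the node title reaches the page unescaped.
echo example_render_title('Playing ' . $title) . "\n";

// Hardened form: encode the user-supplied part before concatenation.
echo example_render_title('Playing ' . example_check_plain($title)) . "\n";
```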