[development] Drupal 6.x hook_menu question regarding use of wildcards - Resolved

Sat Feb 16 03:44:38 UTC 2008

> <?php
> function agenda_page_title($node, $text) {
> $return = $text . $node->title;
> return $return;
> }
> ?>
> 
> Welcome to the wonderful word of XSS holes!!!!! You want check_plain($node->title) and likely check_plain ($text . $node->title)
> 

Actually not.

drupal_get_title runs a check_plain on the menu_get_active_title() .

I only checked menu.inc . Sorry! 

I will update the handbook to indicate this.