[development] Custom Handlers for Views 2

Earl Miles merlin at logrus.com
Sun Nov 21 18:36:54 UTC 2010

On 11/21/2010 2:37 AM, Hans Langouche wrote:
> I recently did something as simple as this and that seems to work
> (define it in the _data hook).
> class custom_module_handler_field_yours extends views_handler_field {
>   function render($values) {
>     return '<strong>'.$values->yourfield.'</strong>';
>   }
> }

If you're not using some kind of filtering, that particular piece of
code could be vulnerable to XSS attacks. See http://drupal.org/node/28984

Even if your real code is secure and you were just showing it as an
example, others could take the example and miss the security aspect
because it's not in the example.

More information about the development mailing list