[development] Custom Handlers for Views 2
Earl Miles
merlin at logrus.com
Sun Nov 21 18:36:54 UTC 2010
On 11/21/2010 2:37 AM, Hans Langouche wrote:
> I recently did something as simple as this and that seems to work
> (define it in the _data hook).
>
> class custom_module_handler_field_yours extends views_handler_field {
>   function render($values) {
>     return '<strong>'.$values->yourfield.'</strong>';
>   }
> }
If you're not using some kind of filtering, that particular piece of
code could be vulnerable to XSS attacks. See http://drupal.org/node/28984
Even if your real code is secure and you were just showing it as an
example, others could take the example and miss the security aspect
because it's not in the example.
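
An added example, not part of the original message or of Views itself: the handler from the quoted post with the field value escaped before it is wrapped in markup. check_plain() is Drupal's escaping function; the fallback definitions of check_plain() and views_handler_field are stand-ins so the snippet runs outside Drupal, and the class name and sample value are constructed.

```php
<?php
// Stand-ins so the snippet runs outside Drupal (assumption: inside Drupal,
// core and Views provide these and the fallbacks are skipped).
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}
if (!class_exists('views_handler_field')) {
  class views_handler_field {}
}

// Hypothetical handler name, modelled on the one in the quoted post.
class custom_module_handler_field_yours_escaped extends views_handler_field {
  function render($values) {
    // Escape the stored value; only the wrapper markup is trusted HTML.
    return '<strong>' . check_plain($values->yourfield) . '</strong>';
  }
}

// Constructed sample row whose field value contains markup.
$row = new stdClass();
$row->yourfield = '<img src=x onerror=alert(1)>';

// Unescaped concatenation, as in the quoted post: the value reaches the
// page as live HTML.
$unescaped = '<strong>' . $row->yourfield . '</strong>';

// Escaped handler: the same value is rendered as inert text.
$handler = new custom_module_handler_field_yours_escaped();
$escaped = $handler->render($row);

echo "unescaped: ", $unescaped, "\n";
echo "escaped:   ", $escaped, "\n";
```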