smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-05 02:44:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

added escapement of '</' to javascript escaping

Browse Source
This commit is contained in:
mohrt
2004-06-09 14:54:31 +00:00
parent 98d162e7b8
commit 7b260f7b83
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -1,3 +1,5 @@
- added escapement of '</' to '<\/' in escape:javascript
modifier (c960657, Monte)
- added obfuscation of protocol-string in {mailto} when using hex- - added obfuscation of protocol-string in {mailto} when using hex-
encoding (bharat, messju) encoding (bharat, messju)
- enhanced auto-generated filenames for templates_c and cache (messju) - enhanced auto-generated filenames for templates_c and cache (messju)

4
libs/plugins/modifier.escape.php
View File

@@ -57,8 +57,8 @@ function smarty_modifier_escape($string, $esc_type = 'html')
return $return; return $return;
case 'javascript': case 'javascript':
// escape quotes and backslashes and newlines // escape quotes and backslashes, newlines, etc.
return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n')); return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
case 'mail': case 'mail':
// safe way to display e-mail address on a web page // safe way to display e-mail address on a web page