aboutsummaryrefslogtreecommitdiffhomepage
path: root/tpl/page.footer.html
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2015-06-11 13:53:27 +0200
committerArthurHoaro <arthur@hoa.ro>2015-06-23 16:35:36 +0200
commit5f85fcd863fe261921953ea3bd1742f3e1b7cf68 (patch)
tree5615922c1c696ec04cc60625a8d401b2b297a462 /tpl/page.footer.html
parent0923a2bc1b097bf1def882722db489d83d95c423 (diff)
downloadShaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.tar.gz
Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.tar.zst
Shaarli-5f85fcd863fe261921953ea3bd1742f3e1b7cf68.zip
Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas: * use a single common function to escape user data: `escape` using `htmlspecialchars`. * sanitize fields in `index.php` after reading them from datastore and before sending them to templates. It means no escaping function in Twig templates. 2 reasons: * it reduces risks of security issue for future user made templates * more readable templates * sanitize user configuration fields after loading them.
Diffstat (limited to 'tpl/page.footer.html')
-rw-r--r--tpl/page.footer.html2
1 files changed, 1 insertions, 1 deletions
diff --git a/tpl/page.footer.html b/tpl/page.footer.html
index 42c621b9..8143669d 100644
--- a/tpl/page.footer.html
+++ b/tpl/page.footer.html
@@ -2,7 +2,7 @@
2 <b><a href="https://github.com/shaarli/Shaarli">Shaarli</a></b> - The personal, minimalist, super-fast, no-database delicious clone by the <a href="https://github.com/shaarli/Shaarli">Shaarli</a> community - <a href="doc/Home.html">Help/documentation</a> 2 <b><a href="https://github.com/shaarli/Shaarli">Shaarli</a></b> - The personal, minimalist, super-fast, no-database delicious clone by the <a href="https://github.com/shaarli/Shaarli">Shaarli</a> community - <a href="doc/Home.html">Help/documentation</a>
3</div> 3</div>
4{if="$newversion"} 4{if="$newversion"}
5 <div id="newversion"><span id="version_id">&#x25CF;</span> Shaarli {$newversion|htmlspecialchars} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div> 5 <div id="newversion"><span id="version_id">&#x25CF;</span> Shaarli {$newversion} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div>
6{/if} 6{/if}
7{if="isLoggedIn()"} 7{if="isLoggedIn()"}
8<script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script> 8<script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script>