To participate you must create an account on apostrophenow.org. If you have already done so, click Login.

Changeset 3523 for sandboxes

Timestamp:

04/06/11 10:15:11 (14 months ago)

Author:

tboutell

Message:

Fixes #1012: output escaping was turned off in the sandbox on February 2nd 2011. Our plugins are designed to work with or without output escaping, but you should check your client projects to make sure you explicitly enabled it or have otherwise coded in an XSS-safe fashion

Files:

: 1 modified

sandboxes/asandbox/branches/1.5/apps/frontend/config/settings.yml (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

sandboxes/asandbox/branches/1.5/apps/frontend/config/settings.yml

r3517	r3523
41	41	# In 1.5 Apostrophe is compatible with the Symfony default escaping strategy
42	42
43		escaping_strategy: ~~fals~~e # Determines how variables are made available to templates.
	43	escaping_strategy: true # Determines how variables are made available to templates.
44	44	escaping_method: ESC_SPECIALCHARS # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS.
45	45	# # Activated modules from plugins or from the symfony core

Context Navigation

Changeset 3523 for sandboxes

Legend:

sandboxes/asandbox/branches/1.5/apps/frontend/config/settings.yml

Download in other formats: