Commit graph

4 commits

Author SHA1 Message Date
ArthurHoaro
5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00
ArthurHoaro
8079dfd1cd W3C compliance (work on issue #64 - https://github.com/shaarli/Shaarli/issues/64):
* fix duplicate IDs - #paging_older, #paging_newer become classes as the paging is displayed twice (top, bottom) in the linklist
  * fix duplicate IDs - #paging_privatelinks and #paging_linksperpage become classes
  * daily links are now valid (use &amp)
  * name attribute is not used anymore on a tag in link list
  * center tag is replaced by CSS in picwall and tag cloud
  * action in form tag can't be empty, use # instead
  * fixed configure table with CSS instead of cellpadding, border, and valign
  * export links are now valid
  * remove "size" in input tag
  * Fix missing alt attributes for img elements
  * tpl/daily: Use HTML entities instead of char escape codes
  * tpl/export: fix missing </span> closing tag
  * Remove obsolete language attribute on <script> elements
2015-01-08 10:15:05 +01:00
nodiscc
ad6c27b7b8 Fix grammar, punctuation, spelling, trailing whitepaces and newlines; Fix typo in css
Based on respencer's work at https://github.com/respencer/Shaarli/
Closes https://github.com/sebsauvage/Shaarli/pull/103
2014-08-19 18:01:15 +02:00
Sébastien SAUVAGE
450342737c Initial commit (version 0.0.40 beta) 2013-02-26 10:09:41 +01:00