5f85fcd863
I reviewed character escaping everywhere with the following ideas:
* use a single common function to escape user data: `escape` using `htmlspecialchars`.
* sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
It means no escaping function in Twig templates.
2 reasons:
* it reduces risks of security issue for future user made templates
* more readable templates
* sanitize user configuration fields after loading them.
9 lines
659 B
HTML
9 lines
659 B
HTML
<div id="footer">
|
|
<b><a href="https://github.com/shaarli/Shaarli">Shaarli</a></b> - The personal, minimalist, super-fast, no-database delicious clone by the <a href="https://github.com/shaarli/Shaarli">Shaarli</a> community - <a href="doc/Home.html">Help/documentation</a>
|
|
</div>
|
|
{if="$newversion"}
|
|
<div id="newversion"><span id="version_id">●</span> Shaarli {$newversion} is <a href="https://github.com/shaarli/Shaarli/releases">available</a>.</div>
|
|
{/if}
|
|
{if="isLoggedIn()"}
|
|
<script>function confirmDeleteLink() { var agree=confirm("Are you sure you want to delete this link ?"); if (agree) return true ; else return false ; }</script>
|
|
{/if}
|