MyShaarli/tpl/dailyrss.html
ArthurHoaro 5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00

8 lines
No EOL
373 B
HTML

{loop="links"}
<h3><a href="{$value.url}">{$value.title}</a></h3>
<small>{if="!$GLOBALS['config']['HIDE_TIMESTAMPS']"}{function="strftime('%c', $value.timestamp)"} - {/if}{if="$value.tags"}{$value.tags}{/if}<br>
{$value.url}</small><br>
{if="$value.thumbnail"}{$value.thumbnail}{/if}<br>
{if="$value.description"}{$value.formatedDescription}{/if}
<br><br><hr>
{/loop}