MyShaarli/tpl/picwall.html
ArthurHoaro 5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
  	It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issue for future user made templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00

23 lines
No EOL
553 B
HTML

<!DOCTYPE html>
<html>
<head>{include="includes"}
<script src="inc/blazy-1.3.1.min.js#"></script>
</head>
<body>
<div id="pageheader">{include="page.header"}</div>
<div class="center">
<div id="picwall_container">
{loop="linksToDisplay"}
<div class="picwall_pictureframe">
{$value.thumbnail}<a href="{$value.url}"><span class="info">{$value.title}</span></a>
</div>
{/loop}
</div>
</div>
{include="page.footer"}
<script>
var bLazy = new Blazy();
</script>
</body>
</html>