On Tue, Oct 31, 2006 at 04:55:45PM -0000, Mathieu Roy wrote:
> Author: yeupou
> Date: Tue Oct 31 17:55:44 2006
> New Revision: 6094
>
> URL: http://svn.gna.org/viewcvs/savane?rev=6094&view=rev
> Log:
> Call htmlspecialchars on fields that no longer accept HTML but did in the past
> (maybe it would be cleaner to run this on these field values in the database
> and to call it on database insert, but I tend to prefer avoiding updating
> database content unless necessary)
Hi,

I think it would be cleaner indeed to clean up the database. In the long run:

- a database with an unclear format; it will not be possible to tell whether a given field potentially contains HTML or not
- there will be ad-hoc code that works around backward compatibility issues that could have been avoided; any new code will also have to deal with these issues, but it is easy to forget about them
- if a user legitimately used HTML somewhere (e.g. for an HTML entity) this will result in double HTML encoding (> - > - >)

What do you think? Feel free to get a dump from SV if you need more testing material.

-- 
Sylvain

_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
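The double-encoding Sylvain's third point warns about, shown concretely in PHP as an added example; this is not Savane code and not code from either poster. The sample rows, the field name `summary`, and the helper functions `escape_for_html` and `normalise_legacy_field` are all constructed here to illustrate the two approaches under discussion: escaping every legacy field on output (the approach in the commit) versus a one-time normalisation of the stored values so that the output path encodes exactly once.

```php
<?php
// Added example, not Savane code. Demonstrates why output-side htmlspecialchars()
// on fields that once accepted HTML double-encodes legitimately stored entities,
// and what a one-time normalisation of the stored values would look like.

// Constructed sample rows for a field that used to accept HTML and now must be plain text.
$legacy_rows = [
    ['id' => 1, 'summary' => 'a &gt; b'],          // user typed an entity while HTML was allowed
    ['id' => 2, 'summary' => 'x < y && z'],        // raw characters stored after the policy change
    ['id' => 3, 'summary' => '<b>bold</b> text'],  // markup stored while HTML was allowed
];

// Output-side escaping, the approach taken in revision 6094: every read path encodes.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Row 1 is the problem case: '&gt;' becomes '&amp;gt;', so the browser shows the
// literal text "&gt;" instead of ">". Rows 2 and 3 are escaped correctly.
foreach ($legacy_rows as $row) {
    printf("%d: %s\n", $row['id'], escape_for_html($row['summary']));
}
// 1: a &amp;gt; b
// 2: x &lt; y &amp;&amp; z
// 3: &lt;b&gt;bold&lt;/b&gt; text

// One-time normalisation of stored values (Sylvain's alternative; assumed shape, not a
// Savane migration): decode entities that were stored under the old policy and write the
// plain-text result back. Once every row is plain text, the output path encodes exactly once
// and the ad-hoc "did this field ever hold HTML?" logic can go away.
function normalise_legacy_field(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
}

foreach ($legacy_rows as &$row) {
    $row['summary'] = normalise_legacy_field($row['summary']);
}
unset($row);

// After normalisation the same output path renders every row correctly, and only once.
foreach ($legacy_rows as $row) {
    printf("%d: %s\n", $row['id'], escape_for_html($row['summary']));
}
// 1: a &gt; b
// 2: x &lt; y &amp;&amp; z
// 3: &lt;b&gt;bold&lt;/b&gt; text
```

Two points a practitioner would check before running such a normalisation for real: it must always be paired with output escaping (decoding stored entities and then emitting the field raw would reintroduce the injection the policy change was meant to close), and it assumes every legacy value was HTML-encoded, which is exactly the ambiguity Sylvain's first point raises. A value stored under the old policy as literal text `&amp;` cannot be told apart from one meant to display as `&`, so the migration needs a decision about which reading the old policy implied, and that decision is easier to make once, in a migration, than in every read path that has to remember the field's history.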
