It is useful to prevent HTML injection (and a few similar) attacks.
Imagine the following: someone registers as "<h1>username</h1>", and
then you create a user list page. If you'd simply output the name, his
name would be quite big, but with symfony's output escaping simply
echoing `$user->username` is safe.

Output escaping is on by default since 1.3, and can be turned off at app
generation or in the config directory. However, you should leave it
enabled and use getRaw() when absolutely necessary.

On Mon, Feb 7, 2011 at 19:17, Javier Garcia <tirengar...@gmail.com> wrote:
> Hi,
>
> When I do a sfGuardUserPeer::doSelect(new Criteria()), I get an object
> like this:
>
> object(sfOutputEscaperArrayDecorator)[114]
>  private 'count' => int 1
>  protected 'value' =>
>    array
>      0 =>
>        object(sfGuardUser)[108]
>          protected 'profile' => null
>          protected 'groups' => null
>          protected 'permissions' => null
>          protected 'allPermissions' => null
>          protected 'id' => int 2
>          protected 'username' => string 'sv (length=13)
>          protected 'algorithm' => string 'sha1' (length=4)
>          protected 'salt' => string
> '473229c98974bde4977f318d65695b4f' (length=32)
>          protected 'password' => string
> '4ffdda9d9a980aa7d076911da05f717eff48907a' (length=40)
>          protected 'created_at' => string '2011-02-07
> 18:51:40' (length=19)
>          protected 'last_login' => null
>          ....
>
>
> As you can see, what I get is an sfOutputEscaperArrayDecorator object.
> But what is it for / how is it useful? If I have to show the users
> retrieved, I always have to use getRaw()......
>
> sf 1.4/propel
>
> Regards
>
> Javi
>
> --
> If you want to report a vulnerability issue on symfony, please send it to 
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
>

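
The decorator behaviour discussed in this thread, as an added example that is not part of the original messages and is not symfony's own code: a simplified stand-in wrapper that escapes whatever a wrapped model returns, so the view can echo getters directly. All class, function and method names below are hypothetical, and the sample users are constructed.

```php
<?php
// Simplified stand-in for an output-escaping decorator (illustration
// only; every name in this file is hypothetical, not symfony's API).
final class EscapedObject
{
    private $value;

    public function __construct($value) { $this->value = $value; }

    // Forward any method call to the wrapped object and escape the
    // result before the template sees it.
    public function __call($method, array $args)
    {
        $result = call_user_func_array(array($this->value, $method), $args);
        return escape_value($result);
    }

    // Explicit opt-out: hands back the unescaped object.
    public function getRawValue() { return $this->value; }
}

function escape_value($value)
{
    if (is_string($value)) {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    if (is_array($value)) {
        return array_map('escape_value', $value);
    }
    if (is_object($value)) {
        return new EscapedObject($value);
    }
    return $value; // ints, bools and null carry no markup
}

// Constructed sample model standing in for a user record.
final class User
{
    private $username;
    public function __construct($username) { $this->username = $username; }
    public function getUsername() { return $this->username; }
}

// The list is wrapped once, before it reaches the view.
$users = escape_value(array(new User('<h1>username</h1>'), new User('javi')));

foreach ($users as $user) {
    echo '<li>', $user->getUsername(), "</li>\n"; // markup arrives as &lt;h1&gt;...
}
// Raw access bypasses escaping; reserve it for markup you generated yourself.
echo $users[0]->getRawValue()->getUsername(), "\n";
```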