PrestaShop integrator training: Filters / cleanHtml
cleanHtml
This filter ensures that your string does not contain JavaScript.
It protects against Cross-Site Scripting (XSS) attacks.
Example of passing variables in PHP:
// Assign the variables used by the template.
$smarty->assign(array(
    'cleanContent' => 'No 9000 COMPUTER has ever made a mistake or distorted information.',
    'badContent1' => '<script>document.getElementById("badContent1").innerHTML="badContent 1 XSS attack."</script>',
    'badContent2' => '<script>document.getElementById("badContent2").innerHTML="badContent 2 XSS attack."</script>',
));
// Render the module template.
$smarty->fetch('module:module_name/views/templates/hook/hello.tpl');
Template example:
<p>{$cleanContent nofilter}</p>
<p>{$cleanContent|cleanHtml nofilter}</p>
<p id="badContent1">The 9000 series is the most reliable computer ever made.</p>
<p id="badContent2">The 9000 series has a perfect operational record.</p>
{$badContent1 nofilter}
{$badContent2|cleanHtml nofilter}
Result:
<p>No 9000 COMPUTER has ever made a mistake or distorted information.</p>
<p>No 9000 COMPUTER has ever made a mistake or distorted information.</p>
<p id="badContent1">badContent 1 XSS attack.</p>
<p id="badContent2">The 9000 series has a perfect operational record.</p>
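To compare the three ways a template can print a variable, here is an added stand-alone PHP example (not part of the original training page and not PrestaShop's own code). `clean_html_stand_in()` and `render()` are hypothetical names; the all-or-nothing rejection and the automatic escaping of a plain `{$var}` are assumptions of this model, and the sample values are constructed.

```php
<?php
// Added illustration, not PrestaShop code. clean_html_stand_in() is a
// hypothetical, simplified model of an all-or-nothing check: the value is
// returned untouched when no script markup is found, and dropped otherwise.
function clean_html_stand_in(string $data): string
{
    $patterns = [
        '/<\s*script/i',      // <script> elements
        '/\bon[a-z]+\s*=/i',  // inline event-handler attributes (onclick=, ...)
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $data)) {
            return ''; // reject the whole value, do not try to repair it
        }
    }
    return $data;
}

// The three ways a template can print a variable.
function render(string $value, string $mode): string
{
    switch ($mode) {
        case 'escaped': // {$var} (automatic HTML escaping, assumed enabled)
            return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        case 'raw':     // {$var nofilter}
            return $value;
        case 'cleaned': // {$var|cleanHtml nofilter}
            return clean_html_stand_in($value);
    }
    throw new InvalidArgumentException("unknown mode: $mode");
}

// Constructed sample values.
$samples = [
    'plain text'      => 'The 9000 series is the most reliable computer ever made.',
    'formatted HTML'  => '<strong>Perfect</strong> operational record.',
    'text and script' => 'Hello <script>document.title="x"</script>',
];

foreach ($samples as $label => $value) {
    foreach (['escaped', 'raw', 'cleaned'] as $mode) {
        printf("%-16s %-8s %s\n", $label, $mode, var_export(render($value, $mode), true));
    }
}
```

In this model the third sample loses its legitimate text along with the script, so the filter suits values that must keep their HTML formatting, while plain text is better left to the default escaping.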