PrestaShop integrator training: Filters / cleanHtml


cleanHtml

This filter ensures that your string does not contain JavaScript.

It protects against Cross-Site Scripting (XSS) attacks.

Example of passing variables from PHP:

// Assign one harmless string and two strings that carry a <script> element.
$smarty->assign(array(
    'cleanContent' => 'No 9000 COMPUTER has ever made a mistake or distorted information.',
    'badContent1' => '<script>document.getElementById("badContent1").innerHTML="badContent 1 XSS attack."</script>',
    'badContent2' => '<script>document.getElementById("badContent2").innerHTML="badContent 2 XSS attack."</script>',
));
// fetch() returns the rendered template as a string.
$smarty->fetch('module:module_name/views/templates/hook/hello.tpl');

Template example:

<p>{$cleanContent nofilter}</p>
<p>{$cleanContent|cleanHtml nofilter}</p>
<p id="badContent1">The 9000 series is the most reliable computer ever made.</p>
<p id="badContent2">The 9000 series has a perfect operational record.</p>
{$badContent1 nofilter}
{$badContent2|cleanHtml nofilter}

Result:

<p>No 9000 COMPUTER has ever made a mistake or distorted information.</p>
<p>No 9000 COMPUTER has ever made a mistake or distorted information.</p>
<p id="badContent1">badContent 1 XSS attack.</p>
<p id="badContent2">The 9000 series has a perfect operational record.</p>
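
The result above contrasts raw output (nofilter alone) with output passed through cleanHtml. The PHP below is an added example, not PrestaShop's code or the author's: `looksClean` and `cleanHtmlLike` are hypothetical helpers with an illustrative pattern list, assuming the filter behaves as a reject-or-pass check (the string is output unchanged or not at all), shown next to plain escaping with `htmlspecialchars`.

```php
<?php
// Added example: simplified stand-in for a reject-or-pass HTML check.
// The pattern list is an assumption for illustration, not PrestaShop's own.
function looksClean(string $html): bool
{
    $patterns = [
        '/<\s*script/i',      // opening <script> tag
        '/\bon[a-z]+\s*=/i',  // inline event handler attribute (onclick=, ...)
        '/script\s*:/i',      // javascript: / vbscript: URL schemes
    ];
    foreach ($patterns as $p) {
        if (preg_match($p, $html)) {
            return false;
        }
    }
    return true;
}

// Reject-or-pass: the string is returned untouched or dropped entirely.
// Nothing is repaired or stripped, so one bad fragment empties the output.
function cleanHtmlLike(string $html): string
{
    return looksClean($html) ? $html : '';
}

// Constructed samples; 'plain' and 'script' reuse the strings from this page.
$samples = [
    'plain'   => 'No 9000 COMPUTER has ever made a mistake or distorted information.',
    'markup'  => 'The 9000 series is the <strong>most reliable</strong> computer ever made.',
    'script'  => '<script>document.getElementById("badContent1").innerHTML="badContent 1 XSS attack."</script>',
    'handler' => '<p onclick="void 0">The 9000 series has a perfect operational record.</p>',
];

foreach ($samples as $name => $value) {
    printf("[%s]\n", $name);
    // What {$var nofilter} would emit: the string exactly as assigned.
    printf("  raw            : %s\n", $value);
    // Escaping keeps the text visible but turns markup into literal characters.
    printf("  escaped        : %s\n", htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
    // The check keeps harmless markup intact and drops anything it flags.
    printf("  reject-or-pass : %s\n", var_export(cleanHtmlLike($value), true));
}
```

Only the 'markup' sample separates the two defences: escaping shows the `<strong>` tags as text, while the check lets them render. A pattern check this coarse also rejects harmless text such as "one = two", so it suits content that must keep HTML, and escaping remains the choice for everything else.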