Development

#1444 ([PATCH] FormHelper: textarea_tag does not escape passed value)

You must first sign up to be able to contribute.

Ticket #1444 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

[PATCH] FormHelper: textarea_tag does not escape passed value

Reported by: Jeroen Assigned to:
Priority: minor Milestone: 1.0.0
Component: Version: 1.0.0-rc1
Keywords: Cc:
Qualification:

Description

When running Symfony 1.0.0-RC2 with default settings, values provided through textarea_tag($name,$value) are not properly escaped, while values provided through input_tag($name,$value) are.

For example, writing the following in a template: 

<?php echo input_tag('test01', 'foor"><b>bar</b>'); ?>
<?php echo textarea_tag('test02', 'foo</textarea><b>bar</b>'); ?>

would cause the textarea to be closed prematurely, while the text-input would be rendered correctly.

Jeroen.

Attachments

FormHelper.patch (0.7 kB) - added by vanchuck on 02/14/07 22:47:46.

Change History

02/14/07 22:47:46 changed by vanchuck

  • attachment FormHelper.patch added.

02/14/07 22:49:28 changed by vanchuck

  • summary changed from FormHelper: textarea_tag does not escape passed value to [PATCH] FormHelper: textarea_tag does not escape passed value.

Initially I assumed this was to allow the rich text editor content to render properly, but in reality, when rich=true, the textarea_tag returns with a completely different statement...

It is an easy fix, I have attached a one-line patch file for the change.

02/18/07 10:08:00 changed by fabien

  • status changed from new to closed.
  • resolution set to fixed.

(In [3491]) fixed FormHelper?: textarea_tag does not escape passed value (closes #1444)

02/18/07 10:08:14 changed by fabien

  • milestone set to 1.0.0.