You are here

function fp_no_html_xss

Search API

6.x misc.inc	`fp_no_html_xss($string)`
5.x misc.inc	`fp_no_html_xss($string)`

Remove any possiblilty of a malicious attacker trying to inject nonsense. From: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php...

1 call to fp_no_html_xss()

fp_render_form in includes/render.inc: Render the form array from the callback to the screen, and set the form to save itself in our default submit handler. Valid form_types are: "system_settings" => values automatically saved to variables table. "normal" or BLANK…

File

includes/misc.inc, line 447: This file contains misc functions for FlightPath

Code

function fp_no_html_xss($string) {
  return htmlentities($string, ENT_QUOTES, 'UTF-8');
  //return htmlentities($string, ENT_QUOTES | ENT_HTML5, 'UTF-8');  // ENT_HTML5 requires PGP 5.4+
}