It is used as an escape function for outputs. It's just applied to the inputs. If you removed it there would be no escaping of the output. If you need the un-escaped version you would need to decode and then escape as necessary for any output.
You should always know what you output, and not rely on the template engine to do all the modifications of the output data. There are themes and/or OpenCart extensions which may use a different template engine. In fact, Twig is one of the worst template engines around; it just happens to be widely used.
opencart/upload/system/library/request.php
Line 47 in 91a3ece
htmlspecialchars is an output filter, to be used only when actually outputting data into an HTML-aware environment. It's not an input filter. I see this function as useless in this case and potentially dangerous as it can corrupt the data. Perhaps I do not know the reason for such an implementation, could you explain?
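The difference between escaping on input and escaping on output, as an added example that is not part of the discussion above and is not OpenCart code. `clean_input()` is a hypothetical stand-in for a request filter that applies `htmlspecialchars` to every value; its `ENT_COMPAT` flag, the helper names and the sample values are assumptions.

```php
<?php
// Added example, not OpenCart code. clean_input() is a hypothetical stand-in
// for a request filter that HTML-escapes every value on arrival; the
// ENT_COMPAT flag and all sample values are assumptions made for this demo.
function clean_input(string $value): string
{
    return htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
}

// Escaping done at output time, chosen for the sink that receives the data.
function for_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function for_json(string $raw): string
{
    return json_encode($raw, JSON_THROW_ON_ERROR);
}

$raw    = 'Smith & Sons <"Tools">';   // constructed sample input
$stored = clean_input($raw);          // what an escape-on-input design keeps

// 1. The stored value is no longer what the user typed: bytes and length differ.
printf("raw    (%d bytes): %s\n", strlen($raw), $raw);
printf("stored (%d bytes): %s\n", strlen($stored), $stored);

// 2. Non-HTML sinks (JSON API, CSV export, e-mail subject) receive HTML entities.
echo "json from stored: ", for_json($stored), "\n";
echo "json from raw:    ", for_json($raw), "\n";

// 3. A template engine that auto-escapes encodes the stored value a second time.
echo "html from stored: ", for_html($stored), "\n";
echo "html from raw:    ", for_html($raw), "\n";

// 4. Code paths that disagree about escaping break comparisons: a password
//    hashed after the filter does not verify against the raw password.
$password = 'p&ss<word>1';            // constructed sample
$hash     = password_hash(clean_input($password), PASSWORD_DEFAULT);
var_dump(password_verify($password, $hash));

// 5. Using pre-escaped data in another context means decoding first and then
//    escaping for the actual sink, as the first reply describes.
$decoded = htmlspecialchars_decode($stored, ENT_COMPAT);
var_dump($decoded === $raw);
```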