Raghubendra Posted August 17, 2015 Share Posted August 17, 2015 I have developed a module for Prestashop and when I validate it on the validator, I get security issues saying that - Invalid escape modifiers count, could be escaped like: "{$data|escape:'htmlall':'UTF-8'}" When I use a integer, float or string variable, then I use html or htmlall to escape the vaiables, but what if I don't want to use any escape modifiers as the smarty variable may contain some html content and I don't want to escape the html in the variable. I was using unescape or escape:'':'UTF-8' before but now they have also removed it. So, what should I use now. Please help. Link to comment Share on other sites More sharing options...
Nishith Nesdiya Posted August 17, 2015 Share Posted August 17, 2015 (edited) I have developed a module for Prestashop and when I validate it on the validator, I get security issues saying that - Invalid escape modifiers count, could be escaped like: "{$data|escape:'htmlall':'UTF-8'}" When I use a integer, float or string variable, then I use html or htmlall to escape the vaiables, but what if I don't want to use any escape modifiers as the smarty variable may contain some html content and I don't want to escape the html in the variable. I was using unescape or escape:'':'UTF-8' before but now they have also removed it. So, what should I use now. Please help. hello you can use the escape modifiers count in smarty template like as (1) int value the "{$data|intval}" (2) float value the "{$data|floatval}" Edited August 17, 2015 by Nishith (see edit history) Link to comment Share on other sites More sharing options...
Raghubendra Posted August 18, 2015 Author Share Posted August 18, 2015 I am not talking about the int or float variables. I am talking about a variable that may contain some html content in it and if I use escape:'htmlall', then all the html is striped from the variable and I do not want that. Link to comment Share on other sites More sharing options...
Nishith Nesdiya Posted August 18, 2015 Share Posted August 18, 2015 I am not talking about the int or float variables. I am talking about a variable that may contain some html content in it and if I use escape:'htmlall', then all the html is striped from the variable and I do not want that. hi.. read this topic https://www.prestashop.com/forums/topic/449853-prestashop-validator-issue/ https://www.prestashop.com/forums/topic/368257-prestashop-validator-issue-in-prestashop-module-development/ help you. Link to comment Share on other sites More sharing options...
Raghubendra Posted August 21, 2015 Author Share Posted August 21, 2015 Thanks for the replies. I have uploaded the module after mentioning the reasons in comments. Lets see what they do. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now