From 28698982ff6dc67a331788c2637bce8689121769 Mon Sep 17 00:00:00 2001 From: polo-pc-greta Date: Thu, 8 May 2025 12:32:34 +0200 Subject: =?UTF-8?q?modif=20page,=20cr=C3=A9ation=20d'un=20bloc?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/controller/Security.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/controller/Security.php') diff --git a/src/controller/Security.php b/src/controller/Security.php index f9092e2..7d592e9 100644 --- a/src/controller/Security.php +++ b/src/controller/Security.php @@ -3,6 +3,8 @@ // // htmlawed nettoie les entrées de l'utilisateur, en particulier le html de l'éditeur +declare(strict_types=1); + class Security { private static $configHtmLawed = array( @@ -14,10 +16,10 @@ class Security // liste noire d'attributs HTML 'deny_attribute'=> 'id, class' // on garde 'style' ); - // faire qu'un certain élément puisse n'avoir que certains attributs, regarder la doc private static $specHtmLawed = ''; + // ATTENTION, n'applique pas htmlspecialchars() !! public static function secureString(string $chaine): string { return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));; -- cgit v1.2.3
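Review bot: `declare(strict_types=1);` in the first hunk only changes how calls made from Security.php itself are type-checked, so it does not make `secureString(string $chaine)` reject non-string arguments from callers whose files lack the directive. If the aim is to stop silent coercion of user input before it reaches htmLawed, the calling controllers need the same declaration. PHP also requires this declare to be the first statement of the script; lines 1–2 are outside the hunk, so confirm that nothing but the opening tag and comments precedes it.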
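Review bot: The warning above `secureString()` in the second hunk is the only statement of the method's contract, and it is easy to miss next to a name that suggests the result is safe in every context. The return value is htmLawed-filtered markup, so it fits output as HTML body content but not an attribute value or a plain-text field; I would turn the warning into a docblock that says so, e.g. `/** Returns filtered HTML for output in an HTML body only; use htmlspecialchars() for attribute or text contexts. */`. The visible tail of `$configHtmLawed` denies only `id` and `class` and keeps `style`; the start of the array is outside the hunk, so please confirm the resulting configuration still drops `on*` handler attributes (htmLawed's `safe` option is the usual way to get that). The trailing `;;` on the return line is a stray empty statement and can be reduced to one `;`.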