PHP localization function should HTML-escape strings

comphist / cora

A web-based, token-level annotation tool for non-standard language data

http://www.linguistics.rub.de/comphist/resources/cora/

MIT License

10 stars 6 forks source link

PHP localization function should HTML-escape strings #56

Closed mbollmann closed 7 years ago

mbollmann commented 8 years ago

Originally reported by: Marcel Bollmann (Bitbucket: mbollmann, GitHub: mbollmann)

Localization strings should always be HTML-escaped; the JavaScript functions do this implicitly by setting the string as "text" of the HTML elements, but the PHP functions just copy the string verbatim.

Bitbucket: https://bitbucket.org/mbollmann/cora/issue/53

mbollmann commented 8 years ago

Original comment by Marcel Bollmann (Bitbucket: mbollmann, GitHub: mbollmann):

HTML-escape locale strings in PHP localizer, fixes #53

mbollmann commented 8 years ago

Original comment by Marcel Bollmann (Bitbucket: mbollmann, GitHub: mbollmann):

HTML-escape locale strings in PHP localizer, fixes #53