Every Textpattern tag has the responsibility of sanitizing its own output. The primary output format is HTML, so this would normally mean encoding the output so that it generates safe/valid HTML markup.
Basically, the $rel, $media, $title and $file variables in goe_sass() should be run through txpspecialchars() to prevent any injections or broken HTML.
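The escaping described above, as an added example that is not the goe_sass plugin's own code: a `<link>` tag built from the four attributes, first unescaped and then with each value passed through txpspecialchars(). The `example_` function names, the attribute defaults, the sample values and the standalone stand-in for txpspecialchars() are assumptions made for illustration.

```php
<?php
// Added illustration; not the goe_sass plugin source. Function names with
// the example_ prefix and the attribute defaults are hypothetical.

// Stand-in so the file runs outside Textpattern; inside Textpattern the
// core txpspecialchars() is already defined and is used instead.
if (!function_exists('txpspecialchars')) {
    function txpspecialchars($string)
    {
        return htmlspecialchars((string) $string, ENT_QUOTES, 'UTF-8');
    }
}

// Before: attribute values are interpolated into the markup as-is.
function example_link_unescaped($atts)
{
    extract($atts);
    return '<link rel="'.$rel.'" media="'.$media.'" title="'.$title.'" href="'.$file.'" />';
}

// After: every value is encoded at the point of output.
function example_link_escaped($atts)
{
    $atts += array('rel' => 'stylesheet', 'media' => 'screen', 'title' => '', 'file' => '');
    $map = array('rel' => 'rel', 'media' => 'media', 'title' => 'title', 'file' => 'href');
    $out = array();
    foreach ($map as $att => $html_name) {
        if ($atts[$att] !== '') {
            $out[] = $html_name.'="'.txpspecialchars($atts[$att]).'"';
        }
    }
    return '<link '.join(' ', $out).' />';
}

// Constructed sample input: a title containing double quotes and angle
// brackets, and a file URL containing an ampersand.
$atts = array(
    'rel'   => 'stylesheet',
    'media' => 'screen',
    'title' => 'Dark "night" <theme>',
    'file'  => '/css/site.css?a=1&b=2',
);

echo example_link_unescaped($atts), "\n"; // title attribute ends early at the first inner quote
echo example_link_escaped($atts), "\n";   // quotes, angle brackets and & arrive as entities
```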