authorBjoern Schiessle <schiessle@owncloud.com>2012-06-19 17:20:19 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2012-06-19 17:20:19 +0200
commitd2936bd90caa2b256d32e7d349449ed58b28107b (patch)
tree8982b0480099f5e08628e42a5471359c37897478 /lib/public/util.php
parent0b9a48b4b6fe7f75475c931c554fc9208a697113 (diff)
introducing a sanitize HTML function for the internal and the public API. This
makes it easy to escape strings for HTML before displaying them on a web page, reducing the risk of XSS vulnerabilities.
Diffstat (limited to 'lib/public/util.php')
-rw-r--r--lib/public/util.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/public/util.php b/lib/public/util.php
index d79d3f26b1e..7c0cb666077 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -264,6 +264,18 @@ class Util {
public static function callCheck(){
return(\OC_Util::callCheck());
}
+
+ /**
+ * @brief Used to sanitize HTML
+ *
+ * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+ *
+ * @param string or array of strings
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ */
+ public static function sanitizeHTML( $value ){
+ return(\OC_Util::sanitizeHTML($value)); //Specify encoding for PHP<5.4
+ }
}
?>
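Review bot: The trailing comment on the new return line, `//Specify encoding for PHP<5.4`, reads as an open instruction rather than a description: the wrapper forwards `$value` to `\OC_Util::sanitizeHTML` with no encoding argument, so a reader cannot tell whether the charset is pinned inside the internal implementation (not visible in this hunk) or still to be done. Either drop it or state what is actually the case once confirmed, e.g. `// charset is fixed in \OC_Util::sanitizeHTML; without it htmlspecialchars() on PHP<5.4 presumably defaults to ISO-8859-1`. The docblock should name the parameter, `@param string|array $value`, and narrow the "any string before displaying it on a web page" claim to what HTML escaping gives: the result is safe in HTML body and quoted-attribute context only, and strings placed into JavaScript or URL contexts need their own, context-specific escaping. `sinitized` in the `@return` line is a typo. The enclosing `Util` class starts outside the hunk.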