Use check functions on output to prevent cross site scripting attacks
No piece of user-submitted content should ever be placed as-is into HTML.
- Use check_plain or theme('placeholder') for plain text.
- Use check_markup or filter_xss for markup containing text.
- Use the t() function with @ or % placeholders to construct safe, translatable strings.
See how to handle text in a secure fashion for more details.
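The following is an added example, not code from the original page or from Drupal itself: a hypothetical Drupal 6 module function (mymodule_comment_preview and the shape of the $comment object are assumptions) rendered first the unsafe way and then with each piece of user data passed through the check function that matches its content type.

```php
<?php
// Added example (not from the original page or from Drupal core).
// Assumes a Drupal 6 bootstrap; mymodule_* names and the $comment
// properties (subject, body, format, signature, name, timestamp) are assumptions.

/**
 * UNSAFE: user-submitted strings are concatenated straight into HTML.
 * A subject such as "<script>alert(1)</script>" reaches the browser verbatim.
 */
function mymodule_comment_preview_unsafe($comment) {
  return '<h3>' . $comment->subject . '</h3>'
       . '<div class="body">' . $comment->body . '</div>'
       . '<p>Posted by ' . $comment->name . '</p>';
}

/**
 * SAFE: every user-supplied value goes through a check function before output.
 */
function mymodule_comment_preview($comment) {
  $output = '';

  // Plain text: check_plain() escapes <, >, &, " and ' as HTML entities.
  $output .= '<h3>' . check_plain($comment->subject) . '</h3>';

  // Text that may legitimately contain markup: run it through the input
  // format it was saved with, so the format's filters (including the HTML
  // filter) decide what survives.
  $output .= '<div class="body">' . check_markup($comment->body, $comment->format) . '</div>';

  // Markup text with no input format attached: filter_xss() keeps only the
  // whitelisted tags and strips dangerous attributes and protocols.
  $output .= '<div class="signature">'
           . filter_xss($comment->signature, array('a', 'em', 'strong'))
           . '</div>';

  // Translatable string with user data: @name is passed through check_plain(),
  // %name through theme('placeholder') (escaped and emphasized). The !name
  // placeholder inserts the value unescaped and is never used for user input.
  $output .= '<p>' . t('Posted by %name on @date', array(
    '%name' => $comment->name,
    '@date' => format_date($comment->timestamp),
  )) . '</p>';

  return $output;
}
```

The choice between check_plain, check_markup and filter_xss is made per value, not per page: a subject line is plain text, a body has an input format, and a snippet with no format attached needs an explicit tag whitelist.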
Use the database abstraction layer to avoid SQL injection attacks
Use the database layer correctly.
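As an added example (not from the original page or from Drupal core), here is the same lookup written with string concatenation and then with the Drupal 6 db_query() placeholders; the mymodule_* function names are assumptions, while {node}, db_query(), db_fetch_object() and db_placeholders() are core Drupal 6 APIs.

```php
<?php
// Added example (not from the original page or from Drupal core).
// Assumes a Drupal 6 bootstrap; mymodule_* names are assumptions.

/**
 * UNSAFE: $title comes from a URL or form and is spliced into the SQL text,
 * so a value containing a quote changes the query's structure.
 */
function mymodule_nids_by_title_unsafe($title) {
  return db_query("SELECT nid FROM {node} WHERE title = '" . $title . "'");
}

/**
 * SAFE: printf-style placeholders. db_query() escapes each %s argument and
 * casts each %d argument to an integer, so arguments are always data.
 * Note that %s still needs the surrounding quotes in the query string.
 */
function mymodule_nids_by_title($title, $uid) {
  $nids = array();
  $result = db_query("SELECT nid FROM {node} WHERE title = '%s' AND uid = %d", $title, $uid);
  while ($row = db_fetch_object($result)) {
    $nids[] = (int) $row->nid;
  }
  return $nids;
}

/**
 * SAFE with a variable-length IN list: db_placeholders() expands an array
 * into the right number of %d placeholders, one per element.
 */
function mymodule_titles_by_nids(array $nids) {
  $titles = array();
  if (empty($nids)) {
    return $titles;
  }
  $result = db_query(
    'SELECT nid, title FROM {node} WHERE nid IN (' . db_placeholders($nids, 'int') . ')',
    $nids
  );
  while ($row = db_fetch_object($result)) {
    $titles[$row->nid] = $row->title;
  }
  return $titles;
}
```

Values returned from the database are still user-submitted content once they reach output, so the titles collected here would be passed through check_plain() before being placed in HTML.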