Posted by Samuel Abels on 09/27/34 11:22
Hello,
I have a feature request: Often, it would be nice to ensure the type
safety of a variable before passing it into the template, to prevent
template authors from erroneously exposing unchecked values. For
example, insufficiently checked (user manipulatable) integer values may
lead to possible JavaScript injections if not cast before being passed into
the template.
So to maintain safety, all such values need to be cast before being
assigned:
settype($_GET['id'], 'integer');
$smarty->assign('id', $_GET['id']);
I found this to be a very common task and I believe it would be very
convenient if there were a method to do this.
$smarty->assign_integer('id', $_GET['id']);
(Of course I could just derive from Smarty and add a method myself, but
it may be a useful feature generally.)
-Samuel
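
The subclass approach mentioned in the post, as an added example that is not part of the original message or of Smarty itself. `TemplateStub` is a stand-in for the Smarty object so the code runs without the library, `assign_integer()` is the hypothetical method the post proposes, and the inputs are constructed. It validates with `filter_var()` instead of casting, so a tampered value is reported rather than silently truncated to its leading digits as `settype()` does.

```php
<?php
declare(strict_types=1);

// Stand-in for the Smarty object (assumption: only assign() is needed here).
class TemplateStub
{
    public array $vars = [];

    public function assign(string $name, $value): void
    {
        $this->vars[$name] = $value;
    }
}

// assign_integer() is the hypothetical method proposed in the post.
class TypedTemplate extends TemplateStub
{
    public function assign_integer(string $name, $raw, int $default = 0): bool
    {
        // FILTER_VALIDATE_INT accepts only a complete integer literal;
        // anything else yields null instead of a partially cast value.
        $value = filter_var($raw, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);

        // The template only ever receives an int, valid input or not.
        $this->assign($name, $value ?? $default);

        // Let the caller log or reject the request when validation failed.
        return $value !== null;
    }
}

// Constructed sample inputs standing in for $_GET['id'].
$samples = ['42', '42;alert(1)', 'abc', null];

foreach ($samples as $raw) {
    $cast = $raw;
    settype($cast, 'integer');   // the cast used in the post

    $tpl = new TypedTemplate();
    $ok  = $tpl->assign_integer('id', $raw);

    printf("%-14s settype=%d  assign_integer=%d  valid=%s\n",
        var_export($raw, true), $cast, $tpl->vars['id'], $ok ? 'yes' : 'no');
}
```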