This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
February 02, 2010 7:32am
Subscribe [2]#1 / Feb 02, 2010 7:32am
Hello!
For a recent project, i used {segment_1} in my code but i have a doubt…
Write this is it secure? Is it dangerous with XSS and co?
{exp:weblog:entries weblog="{segment_1}” url_title=”{segment_2}” dynamic=“off” cat disable=“pagination|trackbacks|member_data” orderby=“date” sort=“asc”}
I known it’s basic url element but do i must verify this parameters (?) or ee check by default?
Thanks for your help!
Tom
#2 / Feb 03, 2010 9:31am
Anyone? Come on, i don’t eat you : )
#3 / Feb 03, 2010 12:06pm
Yes, it’s secure. ExpressionEngine sanitizes content, many people use segments this way; including the default behavior of ExpressionEngine (you’re re-inventing the wheel over there =) ).
#4 / Feb 05, 2010 5:29am
Thanks for your answer!
Love ee…again : )