yiisoft/yii

Added special option 'encode' to `$htmlOptions` argument in `CHtml::errorSummary` and `CHtml::error`

shidenko97 opened this issue · 3 comments

Problem with HTML tags in validator's error text

I want to rollback changes in file framework/web/helpers/CHtml.php from this commit . It will make HTML tags in validator's error text available again.

Q A
Yii version 1.1.22
PHP version Any
Operating system Any

It has at least 4 reasons to make it.

I don't think it's a good idea:

  1. It may introduce security issue.
  2. It was done a long time ago so there are projects relying on the behavior.

We may introduce an option for htmlOptions to turn off HTML escaping though.

I don't think it's a good idea:

  1. It may introduce security issue.
  2. It was done a long time ago so there are projects relying on the behavior.

We may introduce an option for htmlOptions to turn off HTML escaping though.

Yes, it looks like better idea than my. I've did it by your way.