Added special option 'encode' to `$htmlOptions` argument in `CHtml::errorSummary` and `CHtml::error`
shidenko97 opened this issue · 3 comments
shidenko97 commented
Problem with HTML tags in validator's error text
I want to rollback changes in file framework/web/helpers/CHtml.php from this commit . It will make HTML tags in validator's error text available again.
Q | A |
---|---|
Yii version | 1.1.22 |
PHP version | Any |
Operating system | Any |
shidenko97 commented
It has at least 4 reasons to make it.
samdark commented
I don't think it's a good idea:
- It may introduce security issue.
- It was done a long time ago so there are projects relying on the behavior.
We may introduce an option for htmlOptions to turn off HTML escaping though.
shidenko97 commented
I don't think it's a good idea:
- It may introduce security issue.
- It was done a long time ago so there are projects relying on the behavior.
We may introduce an option for htmlOptions to turn off HTML escaping though.
Yes, it looks like better idea than my. I've did it by your way.