Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
  www.smarty.net   •  phpinsider.com  •  Forum Index  •  FAQ  •  Search  •  Memberlist  •  Profile  •  Log in to check your private messages  •  Register  •  Log in
Handling JSON output

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> General
View previous topic :: View next topic  
Author Message
mad_griffith
Smarty n00b


Joined: 28 Oct 2018
Posts: 4
PostPosted: Sun Oct 28, 2018 4:24 pm    Post subject: Handling JSON output Reply with quote
Hi, I have a multidimensional array in PHP that I am json_encode'ing in order to add the resulting object in some javascript code to be displayed in a smarty/html file. The problem is that the JSON object will always be rendered with escaped double quotes and I can't use the "nofilter" modifier on the twig variable because I need to handle XSS.
How would you guy tackle this?

Last edited by mad_griffith on Tue Oct 30, 2018 8:49 pm; edited 1 time in total
Back to top
View user's profile Send private message
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785
PostPosted: Tue Oct 30, 2018 8:48 pm    Post subject: Reply with quote
How's this related to Smarty?
Back to top
View user's profile Send private message
mad_griffith
Smarty n00b


Joined: 28 Oct 2018
Posts: 4
PostPosted: Tue Oct 30, 2018 8:50 pm    Post subject: Reply with quote
AnrDaemon wrote:
How's this related to Smarty?


My bad, I wrote "twig" all over the place, but it's indeed smarty I meant to say.
Back to top
View user's profile Send private message
mad_griffith
Smarty n00b


Joined: 28 Oct 2018
Posts: 4
PostPosted: Tue Oct 30, 2018 8:51 pm    Post subject: Re: Handling JSON output Reply with quote
mad_griffith wrote:
Hi, I have a multidimensional array in PHP that I am json_encode'ing in order to add the resulting object in some javascript code to be displayed in a smarty/html file. The problem is that the JSON object will always be rendered with escaped double quotes and I can't use the "nofilter" modifier on the smarty variable because I need to handle XSS.
How would you guy tackle this?
Back to top
View user's profile Send private message
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785
PostPosted: Tue Oct 30, 2018 9:22 pm    Post subject: Reply with quote
XSS is not cause by some printing, it's caused by unsafe input handling.
Back to top
View user's profile Send private message
mad_griffith
Smarty n00b


Joined: 28 Oct 2018
Posts: 4
PostPosted: Tue Oct 30, 2018 9:28 pm    Post subject: Reply with quote
AnrDaemon wrote:
XSS is not cause by some printing, it's caused by unsafe input handling.


Ofc. But I am building a Prestashop module and my module got rejected by an automatic validation because of "nofilter", so I would need to find an alternative.
Back to top
View user's profile Send private message
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785
PostPosted: Tue Oct 30, 2018 9:44 pm    Post subject: Reply with quote
Yet again, bring that up with Prestashop support.
This has nothing to do with Smarty.

P.S.
I cleaned your misleading posts in another thread.
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> General All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP