A secure theme system - but what about double escaping?

Events happening in the community are now at Drupal community events on www.drupal.org.

Posted by chx on October 20, 2012 at 4:07am

Security was always Drupal's highest priority. However, the theming system was never as secure we wished it was. We are proposing using Twig and its auto escape feature (although any auto escaping theme engine could be used). This raises the problem of double escapes. Read more on the problems and the suggested solutions at http://drupal.org/node/1818266 . Carefully thought out feedback would be much appreciated.

Core

You must register or login in order to post into this group.

Group organizers

webchick
gábor hojtsy
xjm

New groups

Arabic
Alappuzha
Event Platform
Western Ohio User Group
Goa Drupal Community
Liverpool
Chandigarh Drupal Geeks (C.D.G.)
API-First Working Group
Compony opinionated developers
4SPOTS

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts:
- Feed
- Page