I use XSLT as the template engine in my PHP framework. HTML forms are in XML files and XSLT transforms them to HTML.
How to refill forms after submit?
Currently the framework converts all $_POST and $_GET into XML and passes it to the XSLTProcessor. The XSLT template puts that information into the correct HTML input elements.
Is it safe to do it like this? Maybe there is a better way to do this?
As long as the framework uses htmlentities() to make sure you can’t add XML elements before it goes to the XSLTProcessor, then you’re fine.
The security assumptions here are: you control the server output, but user input is never to be trusted.
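Added example, not the asker's framework code or the answerer's: one way to carry submitted values into the XSLT stage without ever treating them as markup is to build the request XML with DOMDocument instead of string concatenation, so the XML layer escapes the data, and then let XSLT's own output escaping handle the HTML side. The function names, the `<form>`/`<field>` element layout, the stylesheet and the sample input are all assumptions made for illustration.

```php
<?php
// Added example (not the framework's own code): refill a form after submit by
// turning the submitted values into XML via DOMDocument and transforming it with
// XSLTProcessor. Element/attribute names and function names are illustrative.

// Build a well-formed XML document from submitted values. createElement plus
// createTextNode/setAttribute store the input as character data, so <, & and "
// in a value become text, not markup: a value cannot add elements to the tree.
// Field names go into a fixed attribute, never into an element name, because
// a user-controlled element name would be invalid XML (DOMException) at best.
function buildRequestXml(array $values): DOMDocument
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->createElement('form');
    $doc->appendChild($root);
    foreach ($values as $name => $value) {
        // Array values (e.g. checkbox groups) are flattened to repeated <field>s.
        foreach ((array) $value as $v) {
            $field = $doc->createElement('field');
            $field->setAttribute('name', (string) $name);
            $field->appendChild($doc->createTextNode((string) $v));
            $root->appendChild($field);
        }
    }
    return $doc;
}

// Illustrative stylesheet. The attribute value template value="{.}" is serialized
// by the processor with quoting/escaping, so the refilled value cannot close the
// attribute or the <input> tag.
$xslSource = <<<'XSL'
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html" encoding="UTF-8"/>
  <xsl:template match="/form">
    <form method="post" action="">
      <xsl:for-each select="field">
        <label>
          <xsl:value-of select="@name"/>
          <input type="text" name="{@name}" value="{.}"/>
        </label>
      </xsl:for-each>
    </form>
  </xsl:template>
</xsl:stylesheet>
XSL;

// Transform the request document with the stylesheet and return the HTML.
function renderForm(array $submitted, string $xslSource): string
{
    $xsl = new DOMDocument();
    $xsl->loadXML($xslSource);
    $proc = new XSLTProcessor();
    $proc->importStylesheet($xsl);
    $html = $proc->transformToXml(buildRequestXml($submitted));
    return $html === false ? '' : $html;
}

// The pattern this replaces: concatenating raw input into an XML string.
// With the sample value below it yields malformed XML or injected elements.
// $xml = '<form><field name="comment">' . $_POST['comment'] . '</field></form>';

// Constructed sample standing in for $_POST; the second value is deliberately hostile.
$sample = [
    'username' => 'alice',
    'comment'  => '"><script>alert(1)</script><x y="',
];
echo renderForm($sample, $xslSource);
```

Running this prints an `<input>` whose `value` attribute contains the hostile string as escaped text; inspecting `buildRequestXml($sample)->saveXML()` shows the same string stored as `&lt;script&gt;...` inside the `<field>` element. The escaping here is XML escaping at the DOM layer rather than htmlentities() applied to each value, and it covers attribute quoting as well as element content; either way the rule the answer states holds: the values must be serialized as data before the XSLT stage sees them.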