Escaping moved to template

https://github.com/friendica/friendica/pull/6147#pullrequestreview-176051481

diff --git a/src/App.php b/src/App.php
index 013c12b90896265eddff33fc346d4d0865581746..445101309384a2f651b46fd69f78b507835538a4 100644 (file)
--- a/src/App.php
+++ b/src/App.php
@@ -116,7 +116,7 @@ class App
        public function registerStylesheet($path)
        {
                $url = str_replace($this->getBasePath() . DIRECTORY_SEPARATOR, '', $path);
-               $url = htmlspecialchars($url, ENT_COMPAT, 'UTF-8');
+
                $this->stylesheets[] = trim($url, '/');
        }
 

diff --git a/view/templates/head.tpl b/view/templates/head.tpl
index e76b97b8b94c87822daf51c9ee43f49d3b369ff6..f1983d7dc6d9137b3860ce5e92ef2ff3647ec8ea 100644 (file)
--- a/view/templates/head.tpl
+++ b/view/templates/head.tpl
@@ -9,7 +9,7 @@
 <link rel="stylesheet" href="view/asset/perfect-scrollbar/css/perfect-scrollbar.min.css" type="text/css" media="screen" />
 
 {{foreach $stylesheets as $stylesheetUrl}}
-<link rel="stylesheet" href="{{$stylesheetUrl}}" type="text/css" media="screen" />
+<link rel="stylesheet" href="{{$stylesheetUrl|escape:"html":"UTF-8"}}" type="text/css" media="screen" />
 {{/foreach}}
 
 <link rel="shortcut icon" href="{{$shortcut_icon}}" />

diff --git a/view/theme/frio/templates/head.tpl b/view/theme/frio/templates/head.tpl
index d8f8b1d82dc531bc1e7906d81eb534226e1606fc..c8d30c0b5010cb510298eae5e114706b59998544 100644 (file)
--- a/view/theme/frio/templates/head.tpl
+++ b/view/theme/frio/templates/head.tpl
@@ -26,7 +26,7 @@
 <link rel="stylesheet" href="view/theme/frio/font/open_sans/open-sans.css" type="text/css" media="screen"/>
 
 {{foreach $stylesheets as $stylesheetUrl}}
-<link rel="stylesheet" href="{{$stylesheetUrl}}" type="text/css" media="screen" />
+<link rel="stylesheet" href="{{$stylesheetUrl|escape:"html":"UTF-8"}}" type="text/css" media="screen" />
 {{/foreach}}
 
 {{* own css files *}}