...
For views producing HTML output to a browser, all user-supplied content must be filtered before it is printed. In most cases filter_var with FILTER_SANITIZE_FULL_SPECIAL_CHARS is appropriate:
```php
<?php print filter_var($var, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?>
```
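The following is an added example, not code from the original page: it runs both the escaping filter above and the stripping variant (FILTER_SANITIZE_STRING with FILTER_FLAG_STRIP_LOW) over a constructed input so the difference in output is visible. The input string and the helper function names are assumptions for illustration.

```php
<?php
// Added example (not from the original page): escaping vs. stripping
// user-supplied input before it is embedded in HTML output.

// Constructed sample input, the kind a form field or query string might carry.
$untrusted = "<script>alert(1)</script> O'Brien & \"Co\"\n\x01tail";

// Escaping for an HTML context: every character with meaning in HTML
// (< > & " ') becomes an entity, so the browser renders it as text.
// Per the PHP manual this is equivalent to htmlspecialchars() with ENT_QUOTES,
// so single quotes are encoded as well (safe inside single-quoted attributes).
function escape_for_html(string $value): string
{
    return filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}

// Stripping: removes tags outright; FILTER_FLAG_STRIP_LOW additionally drops
// control characters (ASCII < 32), which includes the newline above.
// Caveat: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and emits a
// deprecation notice; escaping remains the safer default for output.
function strip_for_html(string $value): string
{
    return filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
}

$escaped  = escape_for_html($untrusted);
$stripped = strip_for_html($untrusted);

// The escaped value can be printed in element content or in an attribute value:
// the <script> tag arrives as &lt;script&gt; and is never parsed as markup.
echo '<p>', $escaped, "</p>\n";
echo '<input value="', $escaped, "\">\n";

// The stripped value has lost the tags and the control characters, but the
// text "alert(1)" survives; quotes are still entity-encoded by the filter.
echo '<p>', $stripped, "</p>\n";
```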
If output stripping is required or desired, use FILTER_SANITIZE_STRING, with or without extra stripping flags; e.g. the following will strip tags as well as newlines (and any other character with an ASCII code below 32):
...