By r0g on
Are the return values of 'node_load' API calls sanitized in any way?
If not, is there a general API call for sanitization that will permit specific HTML tags while stripping all other tags?
Cheers,
Roger.
Comments
sanitation
You should always check user-entered content, using check_plain or check_markup for example.
You don't need to check secured values such as nid.
Check this post for more info: http://drupal.org/writing-secure-code
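
Added example, not part of the original thread: how the calls named above are applied to a loaded node at output time, plus `filter_xss()`, the Drupal API call that keeps an allowlist of tags and strips the rest. It assumes Drupal 7 and code running inside a bootstrapped module; `mymodule_render_node_teaser()` and the `field_subtitle` field are hypothetical names.

```php
<?php
/**
 * Added example (not from the thread). Assumes Drupal 7.
 * mymodule_render_node_teaser() and field_subtitle are hypothetical.
 */
function mymodule_render_node_teaser($nid) {
  // node_load() hands back the stored title and field 'value' entries as
  // raw user input; sanitizing is the caller's job when producing output.
  $node = node_load((int) $nid);
  if (!$node) {
    return '';
  }

  // Plain-text context: escape every HTML special character.
  $title = check_plain($node->title);

  // Rich text saved with a text format: run it through that format's filters.
  $body = '';
  $items = field_get_items('node', $node, 'body');
  if ($items) {
    $body = check_markup($items[0]['value'], $items[0]['format']);
  }

  // Allowlist case: keep only the listed tags, strip all others.
  // filter_xss() also removes event-handler attributes and unsafe URL schemes.
  $subtitle = '';
  $items = field_get_items('node', $node, 'field_subtitle');
  if ($items) {
    $subtitle = filter_xss($items[0]['value'], array('em', 'strong', 'a'));
  }

  return '<h2>' . $title . '</h2>'
    . '<p class="subtitle">' . $subtitle . '</p>'
    . $body;
}
```

Calling `filter_xss()` without a second argument falls back to Drupal's default tag allowlist.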