Optionally escape output of devel/php form

Created on 12 September 2018, almost 7 years ago
Updated 13 January 2024, over 1 year ago

Problem/Motivation

If the output of the code executed on what a user submits on the devel/php form is HTML, for example when making a curl request to a site, then the HTML is currently rendered by the browser, which is not only an inconvenience, but could result in malicious JS being executed, etc.

Example:

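$curl = curl_init('https://google.com');
// Return the response body as a string instead of echoing it directly.
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($curl);
// Print the fetched HTML as the form's output.
print($result);
curl_close($curl);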

Proposed resolution

Provide a checkbox to allow the user to optionally escape all output.

Remaining tasks

Do it.

User interface changes

New checkbox on the devel/php form.

API changes

None.

Data model changes

None.

Feature request
Status

Closed: outdated

Version

1.0

Component

Code

Created by

🇪🇸Spain manuel garcia
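
A sketch of the option proposed in this issue, added here as an example and not taken from the issue or from the module's code: the snippet's output is captured and, when the option is set, HTML-escaped before it is displayed. The function name `render_snippet_output`, the `$escape` flag and the sample response body are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, not Drupal or module code.
// render_snippet_output() and $escape are hypothetical names.

/**
 * Runs $snippet, captures everything it prints, and returns markup
 * that is safe to place in the results area when $escape is TRUE.
 */
function render_snippet_output(callable $snippet, bool $escape): string {
  ob_start();
  try {
    $snippet();
    $output = ob_get_contents();
  }
  catch (\Throwable $e) {
    // Keep partial output and show the error as text as well.
    $output = ob_get_contents() . get_class($e) . ': ' . $e->getMessage();
  }
  finally {
    ob_end_clean();
  }

  if (!$escape) {
    // Current behaviour: the browser parses whatever was printed.
    return $output;
  }
  // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
  // UTF-8 instead of returning an empty string.
  $text = htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
  return '<pre>' . $text . '</pre>';
}

// Constructed sample standing in for a remote response body.
$remote_body = '<h1>Hi</h1><script>alert(1)</script>';
$snippet = function () use ($remote_body) {
  print($remote_body);
};

echo render_snippet_output($snippet, FALSE), "\n";
echo render_snippet_output($snippet, TRUE), "\n";
```

With the flag off the script element reaches the browser as markup; with it on the same bytes arrive as inert text inside the `<pre>` element.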


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇫🇷France Grimreaper France 🇫🇷

    Hi,

    Closing as there was no activity on this issue for years.

    If someone still needs it, feel free to re-open and use a fork and MR instead of a patch.
