Filtered_parameters property empty in some H5PContent entities

Created on 7 March 2019, over 6 years ago

Updated 23 July 2025, 20 days ago

When I loaded all my HPContent entities using \Drupal::entityTypeManager()->getStorage("h5p_content")->loadMultiple() I discovered, that some of them containt data only in parameters property (filtered_parameters is empty). That's a problem, because I've used filtered_parameters in my custom code because it's considered safe as described at https://h5p.org/comment/9293#comment-9293. Is it a correct behavior?

💬 Support request

Status

Active

Component

Code

Created by

🇨🇿Czech Republic milos.kroulik

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 20 days ago →
🇺🇸United States illeace
I think it depends on what the data is and how you're using it in your custom code. You obviously need to be careful about displaying any user input (from the H5P interactive) on a web page to avoid XSS and other potential vulnerabilities. On the other hand, it's probably safe to use an unfiltered boolean or integer in your custom code.

I realize it's been a long time since you posted this question, but if you're still using H5P, could you give an example of the value that doesn't exist in filtered_parameters and how you want to use it in your custom code?

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024