Added escapeCss function #5299

jeff-matthews · 2019-08-30T14:03:26Z

Purpose of this pull request

This pull request (PR) adds an example of the escapeCss function.

Fixes #5273

Affected DevDocs pages

https://devdocs.magento.com/guides/v2.3/frontend-dev-guide/templates/template-security.html

whatsnew
Added an example of the escapeCss function to the Templates XSS security topic.

guides/v2.3/frontend-dev-guide/templates/template-security.md

atwixfirster · 2019-09-04T19:18:56Z

Hi, @meker12!

I want to say that this:

<div style="<?= $block->escapeCss("background: #000\"><script>alert(1)</script>") ?>"></div>

will return

<div style="background\3A \20 \23 000\22 \3E \3C script\3E alert\28 1\29 \3C \2F script\3E "></div>

dobooth

A few trailing double backslashes on the Case lines.

guides/v2.3/frontend-dev-guide/templates/template-security.md

Co-Authored-By: Margaret Eker <meker@adobe.com>

dobooth · 2019-09-06T16:11:27Z

running tests

Added escapeCss function

7fba3ca

jeff-matthews requested a review from lenaorobei August 30, 2019 14:03

jeff-matthews self-assigned this Aug 30, 2019

m2-community-project bot added the Progress: review label Aug 30, 2019

jeff-matthews added 2.3.x Magento 2.3 related changes Major Update Significant original updates to existing content Internal Dev Differentiates work between community and Magento staff and removed Progress: review labels Aug 30, 2019

jeff-matthews requested a review from a team August 30, 2019 14:07

atwixfirster reviewed Aug 31, 2019

View reviewed changes

guides/v2.3/frontend-dev-guide/templates/template-security.md Show resolved Hide resolved

Added example output for escaping CSS

e9cc565

dobooth changed the base branch from master to small-changes September 4, 2019 19:03

m2-community-project bot added the Progress: review label Sep 4, 2019

dobooth changed the base branch from small-changes to master September 4, 2019 19:04

meker12 approved these changes Sep 4, 2019

View reviewed changes

guides/v2.3/frontend-dev-guide/templates/template-security.md Show resolved Hide resolved

m2-community-project bot assigned meker12 Sep 4, 2019

m2-community-project bot added Progress: approved and removed Progress: review labels Sep 4, 2019

jeff-matthews and others added 2 commits September 4, 2019 15:28

Move output HTML to a new code block

ccb0b8d

Removed contractions.

872ad19

dobooth reviewed Sep 4, 2019

View reviewed changes

m2-community-project bot assigned dobooth Sep 4, 2019

m2-community-project bot added Progress: review and removed Progress: approved labels Sep 4, 2019

meker12 reviewed Sep 5, 2019

View reviewed changes

guides/v2.3/frontend-dev-guide/templates/template-security.md Outdated Show resolved Hide resolved

jeff-matthews and others added 2 commits September 5, 2019 07:11

Update guides/v2.3/frontend-dev-guide/templates/template-security.md

53f969d

Co-Authored-By: Margaret Eker <meker@adobe.com>

Removed back slashes.

0ac7b39

dobooth approved these changes Sep 6, 2019

View reviewed changes

Merge branch 'master' into 5273-add-escapeCss-example

c254f18

dobooth merged commit b9c1f00 into master Sep 6, 2019

dobooth deleted the 5273-add-escapeCss-example branch September 6, 2019 16:28

m2-community-project bot removed the Progress: review label Sep 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Added escapeCss function #5299

Added escapeCss function #5299

Uh oh!

jeff-matthews commented Aug 30, 2019

Uh oh!

Uh oh!

Uh oh!

atwixfirster commented Sep 4, 2019

Uh oh!

dobooth left a comment

Uh oh!

Uh oh!

dobooth commented Sep 6, 2019

Uh oh!

Uh oh!

Added escapeCss function #5299

Added escapeCss function #5299

Uh oh!

Conversation

jeff-matthews commented Aug 30, 2019

Purpose of this pull request

Affected DevDocs pages

Uh oh!

Uh oh!

Uh oh!

atwixfirster commented Sep 4, 2019

Uh oh!

dobooth left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

dobooth commented Sep 6, 2019

Uh oh!

Uh oh!