Give a warning in the editor when using rawoutput, to make the developer aware that using this feature potentially enables JavaScript injection for the content that is produced in rawoutput. It should only be used for static content, content that is already escaped (e.g. displaying a stored rendered template), or content that only relies on input from trusted/admin users.

Submitted by Danny Groenewegen on 12 March 2013 at 14:53
