Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: PHP Bitcoin Node Status Page
by
Nikinger
on 10/01/2015, 15:27:57 UTC
Quote from: terrytibbs on January 09, 2015, 12:13:04 PM
Quote from: CraigWatson on January 09, 2015, 12:06:26 PM
Quote from: terrytibbs on January 09, 2015, 12:05:51 PM
You need to sanitize the protocol subversion before displaying it to users.

Any particular reason?
Nevermind, the client does it for you these days: https://github.com/bitcoin/bitcoin/commit/a946aa8d3ec7009ac670eeb65a525efe5eeb6e84

I haven't been around for a while.
This fix was made at version 0.9 (if I read it correctly). When doing a "getpeerlist" on my own client (or visiting CraigWatson's status page), I see some clients still having <0.9.
I think htmlspecialchars() shouldn't hurt. It's better than potentially endangering webmasters who integrates the status page on a <0.9 node.