But the thing is that
String values assigned to JavaScript variables must be escaped to prevent XSS attacks.
- In your PHP code, please cast the integer values that you use above to (int) and remove the quotes from above code block.
- In your PHP code, please apply addslashes() to your string values when assigning them to the template and use the A_ prefix for your template variable names to signal that their value has been escaped.
- For language variables, instead of the usual L_ prefix, please use LA_. This will escape the language string for you.
addslashes() and then the A_ prefix doesn't work... or am I doing something wrong?
In the code I write:
TMP_VAR = addslashes('тра ля ля');
In the template:
{A_TMP_VAR}
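
The steps quoted above, as an added example that is not part of the original post and is not phpBB's own code: the A_ prefix is part of the variable name assigned from PHP, and the template looks up that full name. DemoTemplate is a hypothetical stand-in that models only assign_vars() and {NAME} substitution, and the sample values are constructed.

```php
<?php
// Hypothetical stand-in for the template object (assumption: only
// assign_vars() and plain {NAME} substitution are modelled here).
class DemoTemplate
{
    private $vars = array();

    public function assign_vars(array $vars)
    {
        $this->vars = array_merge($this->vars, $vars);
    }

    public function render($tpl)
    {
        // A variable that was never assigned under this exact name renders empty.
        return preg_replace_callback('/\{([A-Z0-9_]+)\}/', function ($m) {
            return isset($this->vars[$m[1]]) ? $this->vars[$m[1]] : '';
        }, $tpl);
    }
}

// Constructed sample input: a string with both quote types, and a numeric string.
$title = 'it\'s a "test"';
$count = '42';

$js = "var title = '{A_TMP_VAR}';\nvar count = {TMP_COUNT};\n";

// Key assigned without the prefix: {A_TMP_VAR} in the template finds nothing.
$mismatch = new DemoTemplate();
$mismatch->assign_vars(array(
    'TMP_VAR'   => addslashes($title),
    'TMP_COUNT' => (int) $count,
));
echo $mismatch->render($js);

// Key carries the A_ prefix and the value is escaped in PHP;
// the integer is cast and used without quotes in the template.
$template = new DemoTemplate();
$template->assign_vars(array(
    'A_TMP_VAR' => addslashes($title),
    'TMP_COUNT' => (int) $count,
));
echo $template->render($js);
```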