XMB 1.9.12 Schema String Audit: Difference between revisions
From XMBdocs
Miqrogroove (talk | contribs) Moved from the I/O Model article |
Miqrogroove (talk | contribs) Corrected smilies |
||
| Line 250: | Line 250: | ||
| type || Hard-coded, non-HTML | | type || Hard-coded, non-HTML | ||
|- | |- | ||
| code || Encoded input, | | code || Encoded input, may contain quotes | ||
|- | |- | ||
| url || Encoded input, | | url || Encoded input, may contain quotes | ||
|} | |} | ||
Revision as of 09:16, 2 July 2025
Return to I/O_Model
| Name | Format |
|---|---|
| filename | Filtered input, may contain single quotes |
| filetype | Filtered input, may contain HTML |
| filesize | Calculated, non-HTML |
| img_size | Calculated, non-HTML |
| subdir | Calculated, non-HTML |
| Name | Format |
|---|---|
| username | Encoded input, safe for HTML |
| buddyname | Encoded input, safe for HTML |
| Name | Format |
|---|---|
| imagehash | Calculated, non-HTML |
| imagestring | Calculated, non-HTML |
| Name | Format |
|---|---|
| username | Encoded input, safe for HTML |
| type | Hard-coded, non-HTML |
| Name | Format |
|---|---|
| type | Hard-coded, non-HTML |
| name | Encoded input, double-slashed, may contain single quotes |
| status | Hard-coded, non-HTML |
| lastpost | Encoded input, safe for HTML |
| moderator | Encoded input, may contain quotes |
| description | Encoded input, may contain quotes |
| allowsmilies | Hard-coded, non-HTML |
| allowbbcode | Hard-coded, non-HTML |
| userlist | Encoded input, may contain quotes |
| postperm | Calculated, non-HTML |
| allowimgcode | Hard-coded, non-HTML |
| attachstatus | Hard-coded, non-HTML |
| password | Raw input, may contain HTML |
| Name | Format |
|---|---|
| devname | Hard-coded, non-HTML |
| Name | Format |
|---|---|
| langkey | Hard-coded, non-HTML |
| Name | Format |
|---|---|
| cdata | Raw HTML |
| Name | Format |
|---|---|
| username | Encoded input, safe for HTML |
| action | Raw input, may contain HTML |
| Name | Format |
|---|---|
| username | Encoded input, safe for HTML |
| password | Raw input, may contain HTML |
| Encoded input, safe for HTML | |
| site | Encoded input, safe for HTML |
| aim | Encoded input, safe for HTML |
| status | Hard-coded, non-HTML |
| location | Encoded input, safe for HTML |
| bio | Encoded input, safe for HTML |
| sig | Encoded input, safe for HTML |
| showemail | Hard-coded, non-HTML |
| icq | Integer input, safe for HTML |
| avatar | Encoded input, safe for HTML |
| yahoo | Encoded input, safe for HTML |
| customstatus | Raw input, may contain HTML |
| bday | Calculated, non-HTML |
| langfile | Hard-coded, non-HTML |
| newsletter | Hard-coded, non-HTML |
| regip | Raw input, non-HTML |
| msn | Encoded input, safe for HTML |
| ban | Hard-coded, non-HTML |
| dateformat | Filtered input, non-HTML |
| ignoreu2u | Encoded input, may contain quotes |
| mood | Encoded input, safe for HTML |
| u2ufolders | Encoded input, safe for HTML |
| saveogu2u | Hard-coded, non-HTML |
| emailonu2u | Hard-coded, non-HTML |
| useoldu2u | Hard-coded, non-HTML |
| sub_each_post | Hard-coded, non-HTML |
| waiting_for_mod | Hard-coded, non-HTML |
| Name | Format |
|---|---|
| author | Encoded input, safe for HTML |
| message | Encoded input, double-slashed, may contain quotes |
| subject | Encoded input, double-slashed, safe for HTML |
| icon | Encoded input, safe for HTML |
| usesig | Hard-coded, non-HTML |
| useip | Raw input, non-HTML |
| bbcodeoff | Hard-coded, non-HTML |
| smileyoff | Hard-coded, non-HTML |
| Name | Format |
|---|---|
| title | Raw input, may contain HTML |
| allowavatars | Hard-coded, non-HTML |
| avatarrank | Encoded input, safe for HTML |
| Name | Format |
|---|---|
| name | Raw input, may contain HTML |
| Name | Format |
|---|---|
| token | Calculated, non-HTML |
| username | Encoded input, safe for HTML |
| replaces | Calculated, non-HTML |
| agent | Raw input, may contain HTML |
| Name | Format |
|---|---|
| name | Hard-coded, non-HTML |
| value | Encoded input, safe for HTML |
| Name | Format |
|---|---|
| type | Hard-coded, non-HTML |
| code | Encoded input, may contain quotes |
| url | Encoded input, may contain quotes |
| Name | Format |
|---|---|
| name | Hard-coded, non-HTML |
| template | Raw HTML |
| Name | Format |
|---|---|
| name | Encoded input, safe for HTML |
| bgcolor | Encoded input, may contain quotes |
| altbg1 | Encoded input, may contain quotes |
| altbg2 | Encoded input, may contain quotes |
| link | Encoded input, may contain quotes |
| bordercolor | Encoded input, may contain quotes |
| header | Encoded input, may contain quotes |
| headertext | Encoded input, may contain quotes |
| top | Encoded input, may contain quotes |
| catcolor | Encoded input, may contain quotes |
| tabletext | Encoded input, may contain quotes |
| text | Encoded input, may contain quotes |
| borderwidth | Encoded input, may contain quotes |
| tablewidth | Encoded input, may contain quotes |
| tablespace | Encoded input, may contain quotes |
| font | Encoded input, may contain quotes |
| fontsize | Encoded input, may contain quotes |
| boardimg | Encoded input, may contain quotes |
| imgdir | Encoded input, may contain quotes |
| admdir | Encoded input, may contain quotes |
| smdir | Encoded input, may contain quotes |
| cattext | Encoded input, may contain quotes |
| Name | Format |
|---|---|
| subject | Encoded input, double-slashed, safe for HTML |
| icon | Encoded input, safe for HTML |
| lastpost | Encoded input, safe for HTML |
| author | Encoded input, safe for HTML |
| closed | Calculated, non-HTML |
| Name | Format |
|---|---|
| token | Calculated, non-HTML |
| username | Encoded input, safe for HTML |
| action | Calculated, non-HTML |
| object | Calculated, non-HTML |
| Name | Format |
|---|---|
| msgto | Encoded input, safe for HTML |
| msgfrom | Encoded input, safe for HTML |
| owner | Encoded input, safe for HTML |
| folder | Encoded input, safe for HTML |
| subject | Encoded input, double-slashed, safe for HTML |
| message | Encoded input, double-slashed, may contain quotes |
| Name | Format |
|---|---|
| vote_option_text | Encoded input, may contain quotes |
| Name | Format |
|---|---|
| vote_user_ip | Raw input, non-HTML |
| Name | Format |
|---|---|
| username | Encoded input, safe for HTML |
| ip | Raw input, non-HTML |
| location | Raw input, may contain HTML |
| Name | Format |
|---|---|
| find | Encoded input, may contain quotes |
| replace1 | Encoded input, may contain quotes |
