Note that, in a break from the usual convention within the framework, there is no actual requirement that
FormatCurrency.php must exist in the directory ZFiA/View/Helper; it is placed in the directory that was
registered with setHelperPath(). It is wise to follow the convention though, as it makes finding files easier for the
developer!
View helpers are the key to extracting common code from your view templates and keeping them easy to
maintain; use them whenever possible to simplify the view files.
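As an added illustration of the mechanism described above (example code written for this page, not code from the book or from Zend Framework itself): a FormatCurrency helper and the setHelperPath() call that registers the directory it lives in. It assumes Zend Framework 1 is on the include path; the directory name, the ZFiA_View_Helper class prefix and the view script path are assumptions for the example.

```php
<?php
// Added example (not from the book): registering a helper directory with
// setHelperPath() and a FormatCurrency helper placed in that directory.
// Assumes Zend Framework 1 is on the include path; the paths and the class
// prefix below are assumptions chosen for this example.
require_once 'Zend/View.php';

// In a real project this class lives in ZFiA/View/Helper/FormatCurrency.php
// (the conventional location). Zend_View only requires that the file sits in
// the directory registered with setHelperPath() below; it is defined inline
// here so the example runs as a single file.
class ZFiA_View_Helper_FormatCurrency
{
    // Called from a template as $this->formatCurrency($amount, '$').
    // The method name is the helper name with a lower-case first letter.
    public function formatCurrency($amount, $symbol = '$')
    {
        // Coerce to a number so that nothing a user typed into $amount can
        // reach the rendered page as markup through this helper.
        $amount = (float) $amount;
        return $symbol . number_format($amount, 2);
    }
}

$view = new Zend_View();
// Register the helper directory together with the class prefix used for the
// helpers in it: $this->formatCurrency() is mapped to the class
// ZFiA_View_Helper_FormatCurrency by joining prefix and helper name.
$view->setHelperPath(dirname(__FILE__) . '/ZFiA/View/Helper', 'ZFiA_View_Helper');
$view->setScriptPath(dirname(__FILE__) . '/views/scripts');

// Helpers are reachable on the view object itself as well as inside a
// rendered .phtml script, so the helper can be exercised directly.
echo $view->formatCurrency('1234.5', '$'), "\n";
```

Inside a view script the same call reads `<?php echo $this->formatCurrency($this->price, '$'); ?>`; because the helper coerces its input, the template does not need any extra handling for that value.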
Security considerations
When writing the view code, the most important security issue to be aware of is Cross Site Scripting (also
known as XSS). Cross site scripting vulnerabilities occur when unexpected HTML, CSS or JavaScript is
displayed by your website. Generally, this happens when a website displays data created by a user without
checking that it is safe for display. As an example, this could happen when the text from a comment form
contains HTML and is displayed on a guestbook page “as is”.
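The guestbook case described above, as an added example that is not part of the book (written in plain PHP so it runs without the framework; Zend_View's `$this->escape()` wraps `htmlspecialchars()` in the same way). The sample comment is constructed for the example; the function names are this example's own.

```php
<?php
// Added example (not from the book): a guestbook entry rendered "as is"
// next to the same entry escaped at the point of output.

// Constructed sample input: what a visitor might submit through the comment
// form. The <script> element is the kind of unexpected markup the text warns about.
$comment = "Nice site! <script>alert('xss')</script>";

// Vulnerable: the user's text is interpolated straight into the markup, so
// every visitor's browser parses and runs whatever the comment contains.
function renderEntryUnsafe($author, $comment)
{
    return "<li><b>$author</b>: $comment</li>";
}

// Hardened: every user-controlled value is HTML-escaped when it is written
// into the page. ENT_QUOTES also converts single quotes, so the result is
// safe inside quoted attribute values as well as in element content; the
// charset argument must match the encoding the page declares.
function escapeHtml($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function renderEntrySafe($author, $comment)
{
    return '<li><b>' . escapeHtml($author) . '</b>: '
         . escapeHtml($comment) . '</li>';
}

// Run both renderers over the same input to compare the output: the safe
// version turns "<" and ">" into "&lt;" and "&gt;", so the browser shows the
// comment as text instead of executing it.
echo renderEntryUnsafe('alice', $comment), "\n";
echo renderEntrySafe('alice', $comment), "\n";
```

In a Zend_View script the hardened form is `<?php echo $this->escape($this->comment); ?>`; escaping belongs at output time, in the template, rather than at input time, because the same stored text may later be rendered in a context (a JSON response, an e-mail) where HTML escaping is the wrong transformation.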
One of the more famous examples of an XSS exploit is the MySpace worm known as Samy. This used
specially crafted JavaScript in the profile that was displayed when you made Samy your friend. The JavaScript
would run automatically whenever anyone viewed the page and if you were logged into MySpace, then it made
Samy your “friend”.