Context Navigation

Changeset 3389644

Timestamp:

11/04/2025 12:16:36 PM (5 months ago)

Author:

sheetdb

Message:

updated escape rules in readme

Location:

sheetdb/trunk

Files:

-                      r3389153
+                      r3389644
 Tested up to: 6.9.0
 Requires PHP: 5.4
 Stable tag: 1.3.5
+Stable tag: 1.3.6
 License: GPLv2 or later
 …
 * sort-order - sort in `asc` or `desc` order
 * lazy-loading - If you set this attribute to true, the api call will be executed only when the user reaches the point of the table. If your table is lower on the page this can help reduce request consumption.
+HTML rendering and safety:
+* Using `{{name}}` renders plain text only. Any HTML is escaped and will not be executed or rendered.
+* Using `{{html:name}}` allows most safe HTML tags to render (e.g. `a`, `p`, `ul`, `li`, `strong`, `em`, `img` with safe attributes). Potentially dangerous tags and attributes (e.g. `<script>`, `<iframe>`, `<object>`, `<embed>`, inline `on*` event handlers, and `javascript:` URLs) are stripped/sanitized.
+This behavior is intentional for security reasons to prevent XSS and code injection from spreadsheet content.
+Security recommendation:
+* For best security, configure your SheetDB API as read-only: enable only `GET` and disable `POST`, `PATCH`, and `DELETE`. This prevents anyone from modifying your data via exposed API keys or URLs.
 Additional information:

-                      r3389153
+                      r3389644
 Plugin name: SheetDB
 Description: The SheetDB wordpress plugin allows you to easily add content from Google Spreadsheet to your wordpress site.
 Version: 1.3.5
+Version: 1.3.6
 Author: SheetDB
 Author URI: https://sheetdb.io/
 …
         public function enqueueAssets()
+        {
             wp_enqueue_script('sheetdb-js', plugins_url('assets/js/sheetdb-handlebars-1.2.5.js', __FILE__));
+            wp_enqueue_script('sheetdb-js', plugins_url('assets/js/sheetdb-handlebars-1.2.6.js', __FILE__));
+        }

Note: See TracChangeset for help on using the changeset viewer.