Diffstat (limited to 'includes/form.inc')
-rw-r--r-- | includes/form.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/includes/form.inc b/includes/form.inc
index 21f7224dd..229338931 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -2379,6 +2379,11 @@ function form_clean_id($id = NULL, $flush = FALSE) {
 * batch_process();
 * @endcode
 *
+ * Note - if the batch 'title', 'init_message', 'progress_message',
+ * or 'error_message' could contain any user input, it is the responsibility of
+ * the code calling batch_set() to sanitize them first with a function like
+ * check_plain() or filter_xss().
+ *
 * Sample batch operations:
 * @code
 * // Simple and artificial: load a node of a given type for a given user |
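Review bot: The added note offers check_plain() and filter_xss() as if they were interchangeable, but they do different jobs: check_plain() escapes a value for display as plain text, while filter_xss() keeps a limited set of HTML tags, so a caller who picks the wrong one either mangles intended markup or lets through tags it did not mean to allow. The note should say why sanitizing is needed and which function fits which case, e.g. `* These strings are presumably printed without further escaping: use check_plain() for` / `* plain-text values such as a user-supplied title, and filter_xss() only where markup is intended.` It also names only the four batch_set() keys; if messages set by the operation callbacks are displayed the same way (not visible in this hunk), they belong in the list as well. The docblock starts and ends outside the hunk.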