So I’m injecting a dynamic value into a stylesheet. It comes from importing a value in the SMART JSON files, but module writers could alter that value, so it should be escaped in my opinion. I looked at htmlspecialchars.inc.php but I’m not seeing any existing functions to use for escaping stylesheet values. Do we have something, or do we need to implement a method for escaping inline style values? I know some security sites discourage inline <style> anyways, but we have it already in a bunch of places in OpenEMR so we should probably handle this.
@brady.miller I know this is your domain expertise so if you have any thoughts let me know.
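
One way to handle a value in this position, as an added example that is not part of the original post and not existing OpenEMR code: hex-escape every non-alphanumeric code point (the CSS encoding approach in the OWASP XSS prevention cheat sheet) for values placed inside a quoted CSS string, and allow-list values such as colours that cannot be quoted. The function names, the `.smart-app` selector and the sample inputs are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not OpenEMR functions.

/**
 * Escape an untrusted string for use inside a quoted CSS string.
 * ASCII letters and digits pass through; every other code point becomes
 * a CSS hex escape (backslash, hex digits, one terminating space).
 */
function cssEscapeExample(string $value): string
{
    // Refuse invalid UTF-8 rather than guess what the bytes meant.
    if (!mb_check_encoding($value, 'UTF-8')) {
        throw new InvalidArgumentException('CSS value is not valid UTF-8');
    }
    return preg_replace_callback(
        '/[^A-Za-z0-9]/u',
        function (array $m): string {
            $codePoint = mb_ord($m[0], 'UTF-8');
            // A NUL escape is not valid CSS; emit U+FFFD instead.
            if ($codePoint === 0) {
                return '\\FFFD ';
            }
            // The trailing space ends the escape so a following hex digit
            // in the data is not absorbed into it.
            return '\\' . strtoupper(dechex($codePoint)) . ' ';
        },
        $value
    );
}

/**
 * Colours cannot be quoted, and escaping "#" stops the value from being
 * parsed as a colour, so validate against a strict pattern and fall back.
 */
function cssHexColorOrDefaultExample(string $value, string $default = '#000000'): string
{
    $ok = preg_match('/\A#(?:[0-9A-Fa-f]{3}|[0-9A-Fa-f]{6})\z/', $value) === 1;
    return $ok ? $value : $default;
}

// Constructed sample inputs standing in for values read from a module's JSON file.
$fontFamily = 'My Font"; } body { display: none';
$color = 'red; background: url(x)';

echo "<style>\n";
echo '.smart-app { font-family: "' . cssEscapeExample($fontFamily) . '"; ';
echo 'color: ' . cssHexColorOrDefaultExample($color) . "; }\n";
echo "</style>\n";
```

Because `<` and `/` are escaped too, the escaped string cannot close the surrounding `<style>` element.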