is this the correct way to add META TAGS using CakePHP 2.4?

Question

I have the default template and a view named home.ctp

When the user call the home page / the home view is rendered inside default.ctp.

In my view I have:

<?php

$this->set('title', 'This is the title');

$this->set('description', 'This is the description');

...
?>

and in my default.ctp I have:

<title><?php echo $title; ?></title>
....

<meta name="description" content="<?php echo $description; ?>">
....

it works correctly, but, is this the correct way to add title and meta tags in CakePHP ?

Thank you!

Answer 1

No

That's not a safe way to output your title and description variables.

Cake does have a helper function for outputting metatags extract from the docs:

<?php
echo $this->Html->meta(
    'description',
    'enter any meta description here'
);
?>
// Output
<meta name="description" content="enter any meta description here" />

Alternatively

You don't have to use the above function - but if you don't you must take care to escape your variables. Consider what happens with this:

$description = 'something with a "quote in it';

if you just blindly echo variables - you're going to create malformed html and/or permit injection attacks. As such it's perfectly fine to use the code in the question if you escape $title and $description appropriately:

<title><?php echo htmlspecialchars($title); ?></title>
....
<meta name="description" content="<?php echo htmlspecialchars($description); ?>">