[wp-hackers] wp_specialchars() and HTML Entities

Brad Fults bfults at gmail.com
Mon May 9 02:54:21 GMT 2005


Hi,

I need clarification on the intention of wp_specialchars(). On the first 
line of the function (/wp-includes/functions-formatting.php:99), there is a 
comment:

// Like htmlspecialchars except don't double-encode HTML entities

I'm not quite sure what "double-encoding" entails, and why it's undesirable.

I recently ran into a problem when I enter a person's name in the Link 
Editor that contains a special character such as &ouml; as such: "Bj&ouml;rn". 
When I save the entry, it's saved to the database correctly, but upon 
editing again, the link name gets passed through wp_specialchars() and it 
disregards the character entity, giving me the literal "Björn". I think this 
is pretty obviously undesirable behavior--a user wants to edit exactly what 
he inputted, not some converted version.

So my question is: what is the case where htmlspecialchars() [or 
htmlentities()] was overkill? What is this double-encoding and why is it 
bad? I'd like to come to a solution that prevents cases like the one I've 
experienced.

Thanks.

-- 
Brad Fults
NeatBox
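
Added example (not part of the original message and not WordPress code): a round trip of a stored value through an edit field, comparing escaping that skips existing entities, as the quoted comment describes, with full escaping. The function names and sample values are hypothetical, and the browser's single decoding of the attribute value is simulated with html_entity_decode().

```php
<?php
// Added illustration; not WordPress code. All function names are hypothetical.

// Escape for an HTML attribute but leave existing entities untouched
// (the behaviour the quoted comment describes). The 4th argument is
// htmlspecialchars()'s double_encode flag.
function esc_skip_entities(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
}

// Escape everything, including the & that starts an existing entity.
function esc_full(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', true);
}

// What a browser shows in (and later submits from) <input value="...">:
// character references in the attribute value are decoded exactly once.
function browser_field_value(string $attr): string {
    return html_entity_decode($attr, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample values, as they might sit in the database.
$stored = ['Bj&ouml;rn', 'Tom &amp; Jerry', '&lt;b&gt; tag notes'];

foreach ($stored as $value) {
    $skip = browser_field_value(esc_skip_entities($value));
    $full = browser_field_value(esc_full($value));
    printf("stored: %s\n", $value);
    printf("  skip-entities -> field shows: %-22s %s\n",
        $skip, $skip === $value ? 'round-trips' : 'CHANGED');
    printf("  full encoding -> field shows: %-22s %s\n",
        $full, $full === $value ? 'round-trips' : 'CHANGED');
}
```

With full escaping the field shows exactly what is stored; with entity-skipping the browser decodes the stored entity, so the third sample appears in the field as raw markup and a re-save would store something different from what was originally entered.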