[wp-hackers] wp_specialchars() and HTML Entities

Robert Deaton false.hopes at gmail.com
Mon May 9 02:59:11 GMT 2005


I believe double-encoding means that even if characters had already been 
converted, it converted certain characters again (IE ö).

I think that editing the characters not as their htmlspecialchars() 
counterpart is the intended behavior, that way people who use languages 
other than English regularly aren't editing htmlspecialchars() encoded 
strings. They are reencoded and stored in the database as the 
htmlspecialchars() counterparts.

On 5/8/05, Brad Fults <bfults at gmail.com> wrote:
> 
> Hi,
> 
> I need clarification on the intention of wp_specialchars(). On the first 
> line of the function (/wp-includes/functions-formatting.php:99), there is 
> a comment:
> 
> // Like htmlspecialchars except don't double-encode HTML entities
> 
> I'm not quite sure what "double-encoding" entails, and why it's 
> undesirable.
> 
> I recently ran into a problem when I enter a person's name in the Link 
> Editor that contains a special character such as ö as such: "Bj&ouml;rn". 
> When I save the entry, it's saved to the database correctly, but upon 
> editing again, the link name gets passed through wp_specialchars() and it 
> disregards the character entity, giving me the literal "Björn". I think this 
> is pretty obviously undesirable behavior--a user wants to edit exactly what 
> he inputted, not some converted version.
> 
> So my question is: what is the case where htmlspecialchars() [or 
> htmlentities()] was overkill? What is this double-encoding and why is it 
> bad? I'd like to come to a solution that prevents cases like the one I've 
> experienced.
> 
> Thanks.
> 
> -- 
> Brad Fults
> NeatBox 
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> 
> 
> 


-- 
--Robert Deaton
http://somethingunpredictable.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050509/6afdb9e6/attachment.html


More information about the wp-hackers mailing list