[wp-hackers] wp_specialchars() and HTML Entities
bfults at gmail.com
Mon May 9 02:54:21 GMT 2005
I need clarification on the intention of wp_specialchars(). On the first
line of the function (/wp-includes/functions-formatting.php:99), there is a
// Like htmlspecialchars except don't double-encode HTML entities
I'm not quite sure what "double-encoding" entails, and why it's undesirable.
I recently ran into a problem when I enter a person's name in the Link
Editor that contains a special character such as ö as such: "Björn".
When I save the entry, it's saved to the database correctly, but upon
editing again, the link name gets passed through wp_specialchars() and it
disregards the character entity, giving me the literal "Björn". I think this
is pretty obviously undesirable behavior--a user wants to edit exactly what
he inputted, not some converted version.
So my question is: what is the case where htmlspecialchars() [or
htmlentities()] was overkill? What is this double-encoding and why is it
bad? I'd like to come to a solution that prevents cases like the one I've
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the wp-hackers