On Thu, 7 Jan 2021 at 14:11, Claude Pache wrote:
> Hi,
>
> > On 26 Dec 2020, at 12:02, Craig Francis wrote:
> >
> > (...)
> > PHP uses the numeric version &#039; with ENT_QUOTES, and it should continue
> > to do so - because the named version, &apos; was added in HTML5, but can
> > still cause probl
On Sat, Dec 26, 2020 at 12:03 PM Craig Francis wrote:
> Could htmlspecialchars() use ENT_QUOTES by default?
> [...]
> I'd also be tempted to suggest ENT_SUBSTITUTE should be included, as I prefer
> to keep as much of the valid data (rather than losing everything), but that's
> not as important a
Hi,
> On 26 Dec 2020, at 12:02, Craig Francis wrote:
>
> (...)
> PHP uses the numeric version &#039; with ENT_QUOTES, and it should continue
> to do so - because the named version, &apos; was added in HTML5, but can
> still cause problems with legacy parsers; for example Android 4, and the
> one still i
On 2021-01-07 11:00, Claude Pache wrote:
On 6 Jan 2021, at 16:46, Nikita Popov wrote:
On Sat, Dec 26, 2020 at 12:03 PM Craig Francis
wrote:
Hi,
Could htmlspecialchars() use ENT_QUOTES by default?
I recently worked on an example script, where I tried to keep it simple by
using htmlspec
> On 6 Jan 2021, at 16:46, Nikita Popov wrote:
>
> On Sat, Dec 26, 2020 at 12:03 PM Craig Francis
> wrote:
>
>> Hi,
>>
>> Could htmlspecialchars() use ENT_QUOTES by default?
>>
>> I recently worked on an example script, where I tried to keep it simple by
>> using htmlspecialchars directl
On Wed, 6 Jan 2021 at 15:46, Nikita Popov wrote:
> On Sat, Dec 26, 2020 at 12:03 PM Craig Francis
> wrote:
>
>> Hi,
>>
>> Could htmlspecialchars() use ENT_QUOTES by default?
>>
>> [...]
>
>
> I agree that we should switch the default to ENT_QUOTES. I also agree that
> we should enable ENT_SUBSTI
On Sat, Dec 26, 2020 at 12:03 PM Craig Francis
wrote:
> Hi,
>
> Could htmlspecialchars() use ENT_QUOTES by default?
>
> I recently worked on an example script, where I tried to keep it simple by
> using htmlspecialchars directly, e.g.
>
> echo "";
>
> I'd completely forgotten that single quot
FWIW I'm surprised by the lack of ENT_DISALLOWED, personally I use

function tohtml(string $str): string {
    return htmlentities($str, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE | ENT_DISALLOWED, 'UTF-8', true);
}
On Sat, 26 Dec 2020 at 12:03, Craig Francis
wrote:
> Hi,
>
> Could htmlspecialchars() use ENT_Q