Page 1 of 1
Encode entities except XHTML code?
Posted: Fri Nov 14, 2008 9:28 pm
by JAB Creations
I have an interesting dilemma: I'd like to allow XHTML code (such as abbr elements) that are pulled from the database to not be encoded (so they end up as XHTML output and not encoded entities) while PHP does encode all other entities (mainly ampersands). By default htmlspecialchars and htmlentities are close but no cigar, thoughts please?
Re: Encode entities except XHTML code?
Posted: Fri Nov 14, 2008 10:24 pm
by requinix
Allow all tags?
Code: Select all
$table = get_html_translation_table(); // find the replacements done by htmlentities
unset($table["<"]); unset($table[">"]); // remove < and >
$new = strtr($old, $table); // translate
Or just some?
Code: Select all
// complicated. just trust me on this
// only allow <abbr> <a> <b> and <i>
$parts = preg_split('/(<\/?(?:abbr|a|b|i)(?:\s[^>]+)?>)/is', $old, -1, PREG_SPLIT_DELIM_CAPTURE);
$flag = 1;
foreach ($parts as $key => $part) {
if ($flag) $parts[$key] = htmlentities($part);
$flag = 1 - $flag;
}
$new = implode("", $parts);
Re: Encode entities except XHTML code?
Posted: Fri Nov 14, 2008 10:34 pm
by JAB Creations
That rocks! Thanks; you didn't have to go to all the trouble of doing a regex setup I appreciate it though.
I've escaped double quotes and both carrots...
Code: Select all
$table = get_html_translation_table(); // find the replacements done by htmlentities
unset($table['"']); unset($table["<"]); unset($table[">"]); // remove < and >
$new = strtr($row1['thread_title'], $table); // translate
echo '<h2 id="'.$row1['thread_url'].'"><a href="blog.php?'.$row1['thread_url'].'" tabindex="3">'.$new.'</a></h2>'."\n";
Here is an example of the output...
Code: Select all
<h2 id="lost-credibility-of-iso"><a href="blog.php?lost-credibility-of-iso" tabindex="3">Lost Credibility of <abbr title="International Standards Organization">ISO</abbr></a></h2>