Jump to content

Useful to convert < and > into html characters?


son
 Share

Recommended Posts

I have posted before about htmlspecialchars() function and have opted to use it as it combats issues with single and double quotation marks. Plus it also converts the & character. However, there seems to be no way to turn off the conversion of < and >. Why is a conversion for those useful? Just do not get it...Also, my files are all in UTF-8; using the function it shows on actual webpage text as '–' which I obviously not want.Son

Edited by son
Link to comment
Share on other sites

A common reason for using the function is to display HTML as characters, not as actual DOM elements. This forum does that. If it didn't, my typing <textarea>hi</textarea> would not appear as HTML, it would perform as HTML, and you would see a textarea.A lot of blogging software does the same sort of thing, so that users cannot inject potentially dangerous or annoying HTML into your blog. All the user would see is non-functioning HTML.

Link to comment
Share on other sites

If you're intending to upload real html content you can use a str_replace function to convert the html character code back into '>' or '<'.But if you don't it's like Deirdre said. I've written a chatbox before and forget to check for this so someone just wrote-<script type='text/javascript'>window.location='some_porn_site'</script>so everyone who came to my site automatically got redirected to a porn site. This is why it is important to deny users access to these characters.

Link to comment
Share on other sites

^^ Ouch!
I see and understand now why this is important. It is for data that is actual web page content and there could be lists, italics etc. I suppose as this is entered by site owner only I can assume they would not want to infringe their site's operation, so should be fine without. Otherwise, it will infringe with them entering content and annoy them also. Do not expect they would like to redirect to porn site, although you never know;-)Cheers,Son
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...