Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support HTML5 entities with double_encode: false #6808

Merged
merged 2 commits into from Jan 30, 2024
Merged

Support HTML5 entities with double_encode: false #6808

merged 2 commits into from Jan 30, 2024

Conversation

ausi
Copy link
Member

@ausi ausi commented Jan 29, 2024

When using htmlspecialchars() with double_encode: false we should always set ENT_HTML5 so that all valid HTML entities do not get double encoded.

Without this fix, ​ for example would get encoded to ​

@ausi ausi added the bug label Jan 29, 2024
@ausi ausi added this to the 4.13 milestone Jan 29, 2024
@ausi ausi self-assigned this Jan 29, 2024
aschempp
aschempp reviewed Jan 29, 2024
View reviewed changes
Copy link
Member

@aschempp aschempp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure we also want to change this in the specialchars method? Because I e.g. use that for HTML attributes in templates or maybe people use that for escaping URL parameters?

@ausi
Copy link
Member Author

ausi commented Jan 29, 2024
edited

Are you sure we also want to change this in the specialchars method?

Yes. All it changes is that with ENT_HTML5 it knows about all HTML5 entities so that double_encode: false does not incorrectly double encode “newer” HTML entities. And it also changes that ' gets encoded as ' instead of ' which is supported since IE9.

Because I e.g. use that for HTML attributes in templates or maybe people use that for escaping URL parameters?

Yes, this use cases are totally fine.

@leofeyer leofeyer changed the title Support HTML5 entities with double_encode: false Support HTML5 entities with double_encode: false Jan 30, 2024
@leofeyer leofeyer merged commit 2a8b5ef into contao:4.13 Jan 30, 2024
17 checks passed
@leofeyer
Copy link
Member

Thank you @ausi.

@ausi ausi mentioned this pull request Mar 21, 2024
Merged
leofeyer pushed a commit that referenced this pull request Mar 22, 2024
@ausi
Fix double encoding/decoding in the HtmlAttributes class (see #7044)
4ebbfe8 
Description
-----------

Followup to #6808 _(Was probably missed there because 4.13 does not have the HtmlAttributes class)_

Commits
-------

a8aee48 Fix double encoding/decoding in HtmlAttributes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aschempp aschempp aschempp left review comments

@leofeyer leofeyer leofeyer approved these changes

@m-vo m-vo m-vo approved these changes

Assignees

@ausi ausi

Labels
bug
Projects
None yet
Milestone
4.13
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ausi @leofeyer @aschempp @m-vo