Topic: Parser : &#039;

Single straight quote (') is transformed into the HTML entity &#039;

Is that really necessary? It's slightly heavier, and source code unfriendly to read hmm

Re: Parser : &#039;

forum_htmlencode encodes single quotes as well as double quotes. It is simply a security measure: without it, someone could write something like

<input type='hidden' name='test' foo='<?php echo forum_htmlencode($_POST['test']) ?>' />

or

<a href="#" onclick="document.location='<?php echo forum_htmlencode($_POST['test']) ?>'">Test</a>

and the code would be vulnerable to an XSS.
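Added example, not part of the original post and not the forum software's own code: it renders the single-quoted attribute from the first snippet with two encoders, parses the result, and lists the attributes the element ends up with. The helper names, the sample input and the use of PHP's htmlspecialchars() in place of forum_htmlencode() are assumptions made for illustration.

```php
<?php
// Constructed sample input: a single quote followed by attribute syntax.
$submitted = "x' data-injected='1";

// Hypothetical helper: encodes & < > and double quotes, leaves ' untouched.
function encode_double_only(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT | ENT_HTML401, 'UTF-8');
}

// Hypothetical helper: also encodes ' as &#039; (the behaviour asked about).
function encode_both_quotes(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML401, 'UTF-8');
}

// Place the encoded value in the single-quoted attribute from the post,
// parse the markup, and return the attributes the <input> really has.
function attributes_after_parsing(string $encoded): array
{
    $html = "<input type='hidden' name='test' foo='" . $encoded . "' />";

    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

$unsafe = attributes_after_parsing(encode_double_only($submitted));
$safe   = attributes_after_parsing(encode_both_quotes($submitted));

// Without single-quote encoding the value closes foo='...' early and the
// rest of the input is parsed as a separate attribute on the element.
echo "double quotes only: ", implode(', ', array_keys($unsafe)), "\n";

// With &#039; the whole input stays inside foo as plain data.
echo "both quote types:   ", implode(', ', array_keys($safe)), "\n";
echo "foo value:          ", $safe['foo'], "\n";
```

This covers the attribute-value case only. In the onclick case the browser decodes entities in the attribute before the script runs, so a value placed inside a JavaScript string also needs JavaScript string escaping.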

Re: Parser : &#039;

Woki, thanks for the info.