
Discussion: Why doesn't the htmlspecialchars function convert single quotes to entities by default?


Matthias Quintero:11/8/2016 14:08

I know that the htmlspecialchars() function is able to convert single quotes to entities if ENT_QUOTES is added as the second parameter. However, wouldn't it make more sense to make it convert them by default and then have an option to leave them as is? Is there a valid reason as to why they set it up this way? Because I can come up with many, many more instances in which I would need converted single quotes than actual strings within a string...

Just to be clear, I think this should be converted by default:

$str = "Then he told me, 'Get away from me!'.";
htmlspecialchars($str); /* not like this: htmlspecialchars($str, ENT_QUOTES) */

Mainly because it wouldn't make any sense for the quote within the string to be treated like a string as well.

 
Replies to Matthias Quintero
David Capka Hartinger:11/8/2016 14:32

I believe it's not the default because of backward compatibility; maybe they just didn't realize it was necessary and now they can't change it. The best solution is to create a custom function for it which calls htmlspecialchars() with the appropriate parameters.

I'd like to mention some cases where it's really wise to escape single quotes, since they can lead to some kinds of XSS. Consider this example:

<button onclick="alert('<?= htmlspecialchars($value) ?>');" />

If there was an apostrophe in $value, it could lead to JavaScript injection if htmlspecialchars() were used in the default configuration.

You can walk through a storm and feel the wind but you know you are not the wind.
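An added example (not code from the thread) that runs the thread's own string through both configurations and shows the wrapper approach suggested above. ENT_COMPAT is passed explicitly to reproduce the pre-8.1 default, because PHP 8.1 changed the default flags of htmlspecialchars() to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401; the helper names e() and js() are my own.

```php
<?php
declare(strict_types=1);

// Escape for an HTML text node or a quoted attribute value.
// ENT_QUOTES converts both " and '; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of silently returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escape a value for use as a JavaScript string literal. json_encode()
// produces a quoted literal, and the JSON_HEX_* flags turn <, >, ', "
// and & into \uXXXX escapes so the literal cannot close an attribute
// or a <script> block regardless of which quote character wraps it.
function js(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
}

// The string from the original post.
$value = "Then he told me, 'Get away from me!'.";

// Old default (ENT_COMPAT): only " is converted, the apostrophes survive,
// so a single-quoted onclick="alert('...')" attribute is broken by them.
echo htmlspecialchars($value, ENT_COMPAT), PHP_EOL;

// ENT_QUOTES: apostrophes become entities (&apos; with ENT_HTML5,
// &#039; with ENT_HTML401), so they can no longer end the JS literal.
echo e($value), PHP_EOL;

// Safer construction for the thread's onclick case: first turn the value
// into a JS literal, then escape the whole attribute as HTML. Browsers
// decode the attribute before the JS engine sees it, so both layers
// are required and in this order.
$attr = e('alert(' . js($value) . ');');
echo '<button onclick="' . $attr . '">Show</button>', PHP_EOL;
```

The last line is still inline JavaScript; where possible, move the value into a data attribute (escaped with e()) and read it from an external script, which removes the JS-string layer entirely.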
Declare:7. May 2:40

Discover the ideal Women Bags at affordable prices. Pick from a large assortment of fashionable and useful bags to complete your look and hold all of your necessities. Shop now!

 
Adoro:7. May 3:36

Elevate your unique style with Adoro's extraordinary handbags collection. Each piece is a testament to avant-garde design and impeccable craftsmanship. Redefine fashion; carry a statement with Adoro.

 
Ammara Khan:8. May 8:01

Introducing Ammara Khan's new kurti design, where tradition meets modernity! Explore our newest collection featuring timeless elegance and contemporary flair. Elevate your style with our versatile pieces designed to make a statement. Discover your perfect kurti today!

 
Servis:9. May 5:07

Explore the latest men shoes sale at Servis. Find great deals on a wide variety of fashionable and comfortable shoes for every occasion.

 
Shalamar Hospital:30. October 7:20

With a focus on excellence, Shalamar Hospital delivers high-quality surgical services as a top surgical hospital in Lahore, catering to diverse medical needs.

 