k_Template escape function

Tobbe Lundberg

Sep 26, 2010, 5:37:09 AM
to Konstrukt
Currently the e() function in k_Template calls the escape function
that looks like this:

function escape($str) {
    return htmlspecialchars($str, ENT_QUOTES);
}

but I never find a use for that escape function. What I do use all the
time though is this:

<?php echo htmlentities($str, ENT_QUOTES, 'UTF-8'); ?>

So I propose that the escape function is changed to look like the code
below so I can use e() in my templates.

function escape($str) {
    return htmlentities($str, ENT_QUOTES, 'UTF-8');
}

Thoughts?

//Tobbe

troels knak-nielsen

Sep 27, 2010, 3:53:38 AM
to kons...@googlegroups.com
Why do you use htmlentities over htmlspecialchars?

Right now, the implementation is charset-independent - your change
would make it strictly utf-8, so to make such a change, it would have
to be user-configurable which implementation to use. That would
probably be a good idea anyway though.

--
troels


Karan

Sep 27, 2010, 3:54:55 AM
to kons...@googlegroups.com
I agree, htmlspecialchars is a better function to use as it produces xml compliant output, while htmlentities doesn't.

troels knak-nielsen

Sep 27, 2010, 6:11:35 AM
to kons...@googlegroups.com, to...@tlundberg.com
On Mon, Sep 27, 2010 at 11:55 AM, <to...@tlundberg.com> wrote:
> Hi

>
> On Sep 27, 2010 9:53am, troels knak-nielsen <troe...@gmail.com> wrote:
>> Why do you use htmlentities over htmlspecialchars?
>>
>
> htmlspecialchars only translates & (ampersand), " (double quote), ' (single
> quote), < (less than) and > (greater than)
>
> When dealing with international characters, isn't it a good idea to
> translate them as well? (å => &aring;, ø => &oslash;, etc) htmlentities does this
> translation for me.

You don't need to do this, as long as you're serving the page in the
proper encoding. E.g. if you use utf-8, and serve the page as utf-8,
you can have those characters in there. htmlentities are kind of a
second layer of encoding, which enables you to transfer non-ascii
characters in a html document. But if you know what encoding you're
using, it is unnecessary to muck about with entities. When you use
konstrukt, everything is assumed to be utf-8 - Just make sure you save
template files as utf-8 and have your database (and other backend
interfaces) set up to deliver utf-8 strings, and you'll be fine.

> I have never used utf-8 before. I thought I had to specify that to make it
> work with utf-8. If it's smart enough to pick the right encoding without
> specifying it that would of course be better.

The point is that htmlspecialchars only translates those characters
that you mentioned, and they are all in the ascii-range. So they will
be the same for utf-8, latin1 and pretty much any character set that
you're likely to use. htmlentities on the other hand, only works if it
knows the encoding of the input string.

--
troels
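
Added example (not part of the thread and not Konstrukt code): a PHP script that runs both escape variants from the discussion over the same bytes, to show where the declared charset matters and what happens when the input is not valid UTF-8. The helper names escape_special() and escape_entities() are hypothetical, the sample strings are constructed, and ENT_SUBSTITUTE assumes PHP 5.4 or later.

```php
<?php
// Constructed sample: "blåbær" as UTF-8 bytes inside markup-significant text.
// Hex escapes are used so the result does not depend on how this file is saved.
$utf8 = "<b title='bl\xC3\xA5b\xC3\xA6r'>R&D</b>";

// The same word as Latin-1 bytes, which is not a valid UTF-8 sequence.
$latin1 = "bl\xE5b\xE6r";

// Hypothetical helpers mirroring the two escape() variants in the thread,
// with the charset made an explicit parameter.
function escape_special($str, $charset = 'UTF-8') {
    return htmlspecialchars($str, ENT_QUOTES, $charset);
}

function escape_entities($str, $charset = 'UTF-8') {
    return htmlentities($str, ENT_QUOTES, $charset);
}

// Print a label and the value, using var_export so empty strings stay visible.
function show($label, $value) {
    echo str_pad($label, 34), var_export($value, true), "\n";
}

// htmlspecialchars only rewrites & " ' < >, so the non-ASCII bytes pass
// through untouched and the declared single-byte or UTF-8 charset does not
// change the result for valid input.
show('special, UTF-8:', escape_special($utf8, 'UTF-8'));
show('special, ISO-8859-1:', escape_special($utf8, 'ISO-8859-1'));
show('special results identical:',
    escape_special($utf8, 'UTF-8') === escape_special($utf8, 'ISO-8859-1'));

// htmlentities has to decode the input to find named entities. With the
// right charset each character becomes one entity; with the wrong charset
// every byte of a multi-byte character is converted on its own.
show('entities, UTF-8:', escape_entities($utf8, 'UTF-8'));
show('entities, ISO-8859-1 (wrong):', escape_entities($utf8, 'ISO-8859-1'));

// When the declared charset is UTF-8 and the input is not valid UTF-8,
// both functions return an empty string unless told to substitute.
show('special, invalid UTF-8:', escape_special($latin1, 'UTF-8'));
show('entities, invalid UTF-8:', escape_entities($latin1, 'UTF-8'));

// ENT_SUBSTITUTE replaces each invalid sequence with U+FFFD instead of
// discarding the whole string.
show('special + ENT_SUBSTITUTE:',
    htmlspecialchars($latin1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
```

An escaper that silently returns an empty string hides an encoding mismatch between the backend and the template, so the last three lines are the ones to check when a field unexpectedly renders blank.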
