[Form] avoid double-escape and then unescape

htmlspecialchars' fourth parameter allows you to avoid double-escaping in the first place
Jordi Boggiano 2010-07-24 13:49:43 +02:00 committed by Fabien Potencier
parent e6bff045c9
commit 71cc3a7773


@ -120,18 +120,6 @@ class HtmlGenerator implements HtmlGeneratorInterface
*/
public function escape($value)
{
return $this->fixDoubleEscape(htmlspecialchars((string) $value, ENT_QUOTES, $this->charset));
}
/**
* Fixes double escaped strings.
*
* @param string $escaped string to fix
*
* @return string A single escaped string
*/
protected function fixDoubleEscape($escaped)
{
return preg_replace('/&([a-z]+|(#\d+)|(#x[\da-f]+));/i', '&$1;', $escaped);
return htmlspecialchars((string) $value, ENT_QUOTES, $this->charset, false);
}
}
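Review bot: Passing `false` as the fourth argument (`double_encode`) on the new return line means `escape()` leaves any entity-shaped sequence already present in `$value` untouched, so what the browser decodes and renders can differ from the string that was submitted or validated; the removed `fixDoubleEscape()` appears to have had the same effect, so this is inherited rather than introduced, but it stays undocumented. For untrusted form values this makes the escape lossy (a literal `&amp;` typed by a user is redisplayed as `&`), and a check made on the raw string upstream does not see what the browser will finally interpret. I would state this in the docblock, e.g. `* Existing HTML entities in $value are preserved, not re-encoded; do not rely on this for untrusted text that must round-trip verbatim.` The docblock of `escape()` begins above the hunk, so its current wording is not visible here. Separately, dropping the protected `fixDoubleEscape()` could break subclasses that call or override it, if any exist.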