[Form] avoid double-escape and then unescape
htmlspecialchars' fourth parameter allows you to avoid double-escaping in the first place
This commit is contained in:
parent
e6bff045c9
commit
71cc3a7773
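--- a/HtmlGenerator.php
+++ b/HtmlGenerator.php
@@ -120,18 +120,6 @@ class HtmlGenerator implements HtmlGeneratorInterface
 */
 public function escape($value)
 {
-return $this->fixDoubleEscape(htmlspecialchars((string) $value, ENT_QUOTES, $this->charset));
+return htmlspecialchars((string) $value, ENT_QUOTES, $this->charset, false);
-}
-
-/**
-* Fixes double escaped strings.
-*
-* @param string $escaped string to fix
-*
-* @return string A single escaped string
-*/
-protected function fixDoubleEscape($escaped)
-{
-return preg_replace('/&([a-z]+|(#\d+)|(#x[\da-f]+));/i', '&$1;', $escaped);
 }
 }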
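Review bot: The new `return` line changes what counts as an already-escaped entity, and the escape() docblock (which starts above the hunk) should state the contract. The removed fixDoubleEscape() regex un-doubled any `&amp;NAME;` where NAME matched `[a-z]+`, whereas htmlspecialchars with double_encode set to false, as far as I know, leaves untouched only entities PHP recognises as valid for the charset/doctype, so an input like `&foo;` now comes out as `&amp;foo;` — stricter and safer, but a visible change for any caller that relied on the old pass-through. I would add a docblock line such as `* Existing valid HTML entities in $value are preserved (double_encode = false); any other '&', including a bare one, is encoded.` Separately, if the supported PHP baseline allows it, consider `ENT_QUOTES | ENT_SUBSTITUTE` in the same call: without ENT_SUBSTITUTE a byte sequence that is invalid for $this->charset makes htmlspecialchars return an empty string, silently dropping the value instead of escaping it. The enclosing class continues outside the hunk.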
|