[Typo3-dev] RFC: Bug #277: utf-8 + JSMENU/feAdminLib
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Fri Oct 21 14:23:54 CEST 2005
Bernhard Kraft schrieb:
> Ernesto Baschny [cron IT] wrote:
>
>> The only conflict is the above mentioned $confirm outputting. I've added
>> a htmlspecialchars around it, while Bernhard didn't. Isn't that needed,
>> Bernhard, since we are in a (X)HTML-attribute?
>
> Of course ! if you are not inside a <script> tag you will need to feed
> it through
> htmlspecialchars ! But you MUST NOT feed it through specialchars if it
> IS inside a script tag - else you will see the entities undecoded.
Everything (be it element content or attribute) outside of a CDATA
section needs to be run through htmlspecialchars(), everything inside
must not. TYPO3 uses CDATA for SCRIPT and STYLE so no
htmlspechialchars() there.
Masi
More information about the TYPO3-dev
mailing list