[TYPO3-core] RFC: Bug 1030, 277, 1472 possibly 1270
René Fritz
rene at typo3.org
Fri Feb 24 19:23:18 CET 2006
> Sorry for insisting. It seems this has still not been changed.
> Bernhard and René, can you please solve that?
see:
> > There's one place in browse_links which needs htmlspecialchars() which I
> > will commit soon. Other places are roughly checked and seem to be ok.
browse_links is fixed and in CVS
Still I would like to change the function. But nobody cares and that's not my
task.
description:
> > Anyway I still think the second parameter of quoteJSvalue() should be
> > changed
> >
> > /**
> >  * @param string The string to encode.
> >  * @param boolean If the value gets used in <script> tags.
> >  * @return string The encoded value already quoted
> >  */
> > function quoteJSvalue($value, $inScriptTags = false) {
> >     $value = addcslashes($value, '\''.chr(10).chr(13));
> >     if (!$inScriptTags) {
> >         $value = htmlspecialchars($value);
> >     }
> >     return '\''.$value.'\'';
> > }
> >
> >
> > My suggestion:
> >
> > function quoteJSvalue($value, $hsc = false) {
> >     $value = addcslashes($value, '\''.chr(10).chr(13));
> >     if ($hsc) {
> >         $value = htmlspecialchars($value);
> >     }
> >     return '\''.$value.'\'';
> > }
> >
> > But this might be confusing for me only. My brain twists with the double
> > negation of
> > $inScriptTags = false
> > and
> > if (!$inScriptTags)
> > which in fact does something when it is set to false.
René
--
René Fritz
TYPO3 Association - Active Member
http://association.typo3.org/
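
The two signatures quoted in the message differ in what a one-argument call returns. The following PHP is an added example, not part of the original message or of the TYPO3 code base; the names quoteJSvalueCurrent, quoteJSvalueSuggested and isAttributeSafe, the sample value and the check itself are assumptions made for the illustration.

```php
<?php
// Added illustration. The two function bodies follow the versions quoted in
// the mail; the names, sample value and check below are hypothetical.
// ENT_COMPAT is passed explicitly: it was htmlspecialchars()'s default in
// 2006, while PHP 8.1+ defaults to also encoding single quotes.

function quoteJSvalueCurrent($value, $inScriptTags = false) {
    $value = addcslashes($value, '\'' . chr(10) . chr(13));
    if (!$inScriptTags) {
        $value = htmlspecialchars($value, ENT_COMPAT);
    }
    return '\'' . $value . '\'';
}

function quoteJSvalueSuggested($value, $hsc = false) {
    $value = addcslashes($value, '\'' . chr(10) . chr(13));
    if ($hsc) {
        $value = htmlspecialchars($value, ENT_COMPAT);
    }
    return '\'' . $value . '\'';
}

// Hypothetical check: true if the result holds no raw character that could
// end a double-quoted HTML attribute or open a tag.
function isAttributeSafe($js) {
    return strpbrk($js, '"<>') === false;
}

// Constructed sample value with characters that matter in HTML and in JS.
$title = 'Tom\'s "big" <b>file</b> & more';

$calls = array(
    'current($v)'         => quoteJSvalueCurrent($title),
    'current($v, true)'   => quoteJSvalueCurrent($title, true),
    'suggested($v)'       => quoteJSvalueSuggested($title),
    'suggested($v, true)' => quoteJSvalueSuggested($title, true),
);

foreach ($calls as $call => $js) {
    printf("%-20s attribute-safe=%-3s %s\n", $call, isAttributeSafe($js) ? 'yes' : 'no', $js);
}
```

With the current signature a call that passes only the value gets htmlspecialchars() applied; with the suggested signature the same call does not, so call sites that write into HTML attributes would need an explicit second argument after such a change.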