[TYPO3-core] RFC: Bug 1030, 277, 1472 possibly 1270

René Fritz rene at typo3.org
Fri Feb 24 19:23:18 CET 2006


> Sorry for insisting. It seems this has still not been changed.
> Bernhard and René, can you please solve that?

see:

> > There's one place in browse_links which needs htmlspecialchars() which I
> > will commit soon. Other places are roughly checked and seem to be ok.


browse_links is fixed and in CVS


Still I would like to change the function. But nobody cares and that's not my 
task.

description:

> > Anyway I still think the second parameter of quoteJSvalue() should be
> > changed
> >
> > /**
> >  * @param      string          The string to encode.
> >  * @param      boolean         If the value gets used in <script> tags.
> >  * @return     string  The encoded value already quoted
> >  */
> > function quoteJSvalue($value, $inScriptTags = false)  {
> >     $value = addcslashes($value, '\''.chr(10).chr(13));
> >     if (!$inScriptTags)   {
> >         $value = htmlspecialchars($value);
> >     }
> >     return '\''.$value.'\'';
> > }
> >
> >
> > My suggestion:
> >
> > function quoteJSvalue($value, $hsc = false)   {
> >     $value = addcslashes($value, '\''.chr(10).chr(13));
> >     if ($hsc)     {
> >         $value = htmlspecialchars($value);
> >     }
> >     return '\''.$value.'\'';
> > }
> >
> > But this might be confusing for me only. My brain twists with the double
> > negation of
> > $inScriptTags = false
> > and
> > if (!$inScriptTags)
> > which in fact do something when it is set to false.

René

-- 
René Fritz
TYPO3 Association - Active Member
http://association.typo3.org/
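
The two output contexts that the flag discussed in the message chooses between, shown as an added example that is not part of the original mail or of the TYPO3 source. The function body follows the `$hsc` variant quoted above; the sample value, the markup and the `hasRawDoubleQuote()` helper are constructed for illustration.

```php
<?php
// Body as in the suggestion quoted in the message ($hsc variant).
function quoteJSvalue($value, $hsc = false) {
    // Backslash-escape single quote, LF and CR so the value fits in a
    // single-quoted JavaScript string literal.
    $value = addcslashes($value, '\'' . chr(10) . chr(13));
    if ($hsc) {
        // Needed when the JS sits inside an HTML attribute: the browser
        // decodes entities in the attribute before the script engine runs.
        $value = htmlspecialchars($value);
    }
    return '\'' . $value . '\'';
}

// Hypothetical helper: does the quoted value still contain a raw double
// quote, which would end a double-quoted HTML attribute early?
function hasRawDoubleQuote($quoted) {
    return strpos($quoted, '"') !== false;
}

// Constructed sample value with characters that matter in each context.
$title = "Tom's \"Home\" <page> & more\nsecond line";

// Context 1: inside <script> tags. No entity decoding happens there, so
// htmlspecialchars() would corrupt the string; the flag stays false.
echo '<script type="text/javascript">var t = '
    . quoteJSvalue($title) . ';</script>' . "\n";

// Context 2: inside an event-handler attribute. The flag must be true.
echo '<a href="#" onclick="alert('
    . quoteJSvalue($title, true) . ');">link</a>' . "\n";

// The mistake the parameter name is meant to prevent: using the <script>
// form inside an attribute leaves a raw double quote in the markup.
var_dump(hasRawDoubleQuote(quoteJSvalue($title)));        // flag not set
var_dump(hasRawDoubleQuote(quoteJSvalue($title, true)));  // flag set
```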


