[TYPO3-core] Usage of GeneralUtility::deHSCentities()

Stefan Neufeind typo3.neufeind at speedpartner.de
Fri Jul 26 01:26:48 CEST 2013


I just stumbled across this function, which I didn't expect really
exists :-)

If it is used like


then there is a separate parameter for htmlspecialchars() since PHP
5.2.3 that we can make use of instead of doing our own preg_replace-fix.
That's what


is about.

But I wonder if this "magic protection" for double-encoding is really
useful in the first place. We should imho question those places where it
is used if we could get rid of it. Because if we really stuff in a
string that was already encoded, that's a bug in itself - but fighting
the symptoms instead of its causes is not right imho.

Kind regards,

More information about the TYPO3-team-core mailing list