[TYPO3-core] Usage of GeneralUtility::deHSCentities()
Stefan Neufeind
typo3.neufeind at speedpartner.de
Fri Jul 26 01:26:48 CEST 2013
Hi,
I just stumbled across this function, which I didn't really expect to
exist :-)
If it is used like
GeneralUtility::deHSCentities(htmlspecialchars($output));
then there is a separate parameter for htmlspecialchars() since PHP
5.2.3 that we can make use of instead of doing our own preg_replace-fix.
That's what
https://review.typo3.org/22580
is about.
But I wonder if this "magic protection" for double-encoding is really
useful in the first place. We should imho question those places where it
is used if we could get rid of it. Because if we really stuff in a
string that was already encoded, that's a bug in itself - but fighting
the symptoms instead of its causes is not right imho.
Kind regards,
Stefan
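
The comparison discussed in the message above, as an added example that is not part of the original post or of the TYPO3 code base: `legacy_dehsc()` is a hypothetical stand-in for a regex-based "undo double encoding" fix (its pattern is an assumption), set beside `htmlspecialchars()` with its fourth `double_encode` argument set to false and beside plain strict encoding. The sample strings are constructed.

```php
<?php
// Added illustration. legacy_dehsc() is a hypothetical stand-in for a
// regex-based fix; the pattern is an assumption, not TYPO3's actual code.
function legacy_dehsc(string $encoded): string
{
    // Turn "&amp;name;" or "&amp;#123;" back into "&name;" or "&#123;".
    return preg_replace('/&amp;(#?[[:alnum:]]+;)/', '&$1', $encoded);
}

// Native variant: fourth argument double_encode = false (PHP >= 5.2.3).
// Existing entities in the input are left untouched.
function encode_lenient(string $raw): string
{
    return htmlspecialchars($raw, ENT_COMPAT, 'UTF-8', false);
}

// Strict variant: every "&" is encoded, exactly once, at output time.
function encode_strict(string $raw): string
{
    return htmlspecialchars($raw, ENT_COMPAT, 'UTF-8', true);
}

// Constructed sample inputs.
$samples = [
    // Plain data that has never been encoded: all variants agree.
    'raw markup'        => '<b>Tom & Jerry</b>',
    // Data that some earlier layer already encoded (the upstream bug).
    'already encoded'   => '&lt;b&gt;Tom &amp; Jerry&lt;/b&gt;',
    // A user who really typed the five characters "&lt;" as text.
    'literal user text' => 'Write &lt; to show a less-than sign',
];

foreach ($samples as $label => $input) {
    printf(
        "%s\n  input  : %s\n  regex  : %s\n  lenient: %s\n  strict : %s\n\n",
        $label,
        $input,
        legacy_dehsc(htmlspecialchars($input, ENT_COMPAT, 'UTF-8')),
        encode_lenient($input),
        encode_strict($input)
    );
}
```

For these inputs the regex and lenient columns match, and both leave the "already encoded" and "literal user text" strings unchanged, so a browser shows the literal user text as `<` instead of the typed `&lt;`. Only the strict column makes an upstream double encoding visible as `&amp;lt;` in the output.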