#43896 [Asn]: htmlspecialchars() returns empty string on invalid unicode sequence

Tue, 25 Nov 2008 20:31:33 -0800 

 ID:               43896
 Updated by:       [EMAIL PROTECTED]
 Reported By:      arnaud dot lb at gmail dot com
 Status:           Assigned
 Bug Type:         Strings related
 Operating System: *
 PHP Version:      5CVS-2008-07-15
 New Comment:

 


Previous Comments:
------------------------------------------------------------------------

[2008-11-26 04:30:41] [EMAIL PROTECTED]

Added ENT_IGNORE as a compatibility flag to skip invalid multibyte
sequences instead of returning an empty string (as iconv's //IGNORE).
These functions will still never return an invalid or incomplete
multibyte sequence.
Example: htmlspecialchars("...", ENT_QUOTES | ENT_COMPAT, "utf-8");

------------------------------------------------------------------------

[2008-11-02 13:27:46] [EMAIL PROTECTED]

Arnaud, fix it yourself.

------------------------------------------------------------------------

[2008-10-21 12:08:38] [EMAIL PROTECTED]

Actually "The tool" to use for incoming data is the filter extension..

------------------------------------------------------------------------

[2008-09-11 12:52:16] [EMAIL PROTECTED]

Not considering this as a bug (or rather a regression) is a major flaw
IMO.
htmlspecialchars() is *THE* tool that developers are encouraged to use
when escaping output of data that comes from an unknown source. By
nature you can't always rely on this data to be perfectly valid. People
copy and paste from Word to HTML forms and do all kind of weird stuff to
get data into a website.
Simply discarding the complete data just because it's not a completely
valid character stream is going break all kind of websites with user
generated content.

------------------------------------------------------------------------

[2008-07-18 00:10:45] [EMAIL PROTECTED]

I even don't think this is a valid bug in the first place. You passed a

string that is encoded in ISO-8859-15 to htmlspecialchars() while 
specifying UTF-8 to force the string to be treated as "UTF-8". One 
should never depend on the past wrond behaviour with which invalid byte

sequences pass through. Besides, you can always work around it by
giving 
ISO-8859-15 to the third argument.





------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/43896

-- 
Edit this bug report at http://bugs.php.net/?id=43896&edit=1

Reply via email to