#43896 [Asn->Tbd]: htmlspecialchars() returns empty string on invalid unicode sequence

Tue, 25 Nov 2008 20:33:32 -0800 

 ID:               43896
 Updated by:       [EMAIL PROTECTED]
 Reported By:      arnaud dot lb at gmail dot com
-Status:           Assigned
+Status:           To be documented
 Bug Type:         Strings related
 Operating System: *
 PHP Version:      5CVS-2008-07-15
 New Comment:

It seems "Fixed in CVS and need to be documented" does not changes the
status if it is set to "Assigned" :/


Previous Comments:
------------------------------------------------------------------------

[2008-11-26 04:31:24] [EMAIL PROTECTED]

 

------------------------------------------------------------------------

[2008-11-26 04:30:41] [EMAIL PROTECTED]

Added ENT_IGNORE as a compatibility flag to skip invalid multibyte
sequences instead of returning an empty string (as iconv's //IGNORE).
These functions will still never return an invalid or incomplete
multibyte sequence.
Example: htmlspecialchars("...", ENT_QUOTES | ENT_COMPAT, "utf-8");

------------------------------------------------------------------------

[2008-11-02 13:27:46] [EMAIL PROTECTED]

Arnaud, fix it yourself.

------------------------------------------------------------------------

[2008-10-21 12:08:38] [EMAIL PROTECTED]

Actually "The tool" to use for incoming data is the filter extension..

------------------------------------------------------------------------

[2008-09-11 12:52:16] [EMAIL PROTECTED]

Not considering this as a bug (or rather a regression) is a major flaw
IMO.
htmlspecialchars() is *THE* tool that developers are encouraged to use
when escaping output of data that comes from an unknown source. By
nature you can't always rely on this data to be perfectly valid. People
copy and paste from Word to HTML forms and do all kind of weird stuff to
get data into a website.
Simply discarding the complete data just because it's not a completely
valid character stream is going break all kind of websites with user
generated content.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/43896

-- 
Edit this bug report at http://bugs.php.net/?id=43896&edit=1

Reply via email to