Interesting discovery for sure. I'm specifically using strip_tags() currently, but decided to just try swapping htmlspecialchars() in, which does fix the submission you linked. The problem is that it then breaks instances where potentially formatted text is displayed without formatting, by displaying the HTML instead of just removing the tags. That's not the end of the world and I'm content to leave it for now, but definitely keep an eye out for any odd display issues.
Yeah, I think you've caused a problem now. For example, the title at

Edit: Though I'm not quite sure how you're managing this. "&" turns into "&amp;amp;" in the HTML. Some double-escaping is going on?
Thanked by: Petie
That was because I forgot to take out the explicit search for & which I was replacing with &amp; manually. That replacement was running first and then htmlspecialchars() was replacing the & in &amp; with another &amp;.

Thanks for pointing that out! Should be good now.
Thanked by: Simpsons Dumper
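
The double-escaping discussed in the posts above, reproduced as an added PHP example (not code from this site or from either poster). The sample strings and the function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample title; not taken from the forum's data.
$title = 'Tom & Jerry <b>uncut</b>';

// The bug from the thread: a leftover manual "&" replacement runs first,
// so htmlspecialchars() then escapes the "&" of every "&amp;" a second time.
function escapeWithLeftoverReplace(string $s): string
{
    $s = str_replace('&', '&amp;', $s);
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// The fix: drop the manual replacement and escape exactly once, at output.
function escapeOnce(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// For places that should show text without markup: strip the tags, then
// still escape, because strip_tags() leaves "&" and quotes untouched.
function plainText(string $s): string
{
    return htmlspecialchars(strip_tags($s), ENT_QUOTES, 'UTF-8');
}

// If stored text may already contain entities, the fourth argument
// (double_encode = false) tells htmlspecialchars() to leave them alone.
function escapeMixed(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
}

$results = [
    'leftover replace' => escapeWithLeftoverReplace($title),
    'escape once'      => escapeOnce($title),
    'strip then escape' => plainText($title),
    'mixed input'      => escapeMixed('Tom &amp; Jerry & friends'),
];

foreach ($results as $label => $out) {
    echo str_pad($label, 20), $out, PHP_EOL;
}
```

Compare the printed lines as raw text (for example from the CLI) rather than in a browser, since a browser decodes one level of entities and hides the difference.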
