CodeIgniter Forums
Add bool $doubleEncode = true optional parameter to esc() - Printable Version




Add bool $doubleEncode = true optional parameter to esc() - objecttothis - 03-25-2024

Current behavior is
PHP Code:
    echo esc('& &'); // returns '& &'

Please modify esc() to allow
PHP Code:
    echo esc('& &', 'html', 'utf-8', false); // returns '& &'

This would require modifying the function signature to

PHP Code:
    function esc($data, string $context = 'html', ?string $encoding = null, bool $doubleEncode = true)

and the business logic of the function would mimic the behavior of htmlentities()'s fourth parameter, which only encodes special characters that are not part of an HTML encoding. I see that CodeIgniter is just calling laminas-escaper, and laminas-escaper in that context is just calling htmlspecialchars():
PHP Code:
    /**
    * Escape a string for the HTML Body context where there are very few characters
    * of special meaning. Internally this will use htmlspecialchars().
    *
    * @return string
    */
    public function escapeHtml(string $string)
    {
        return htmlspecialchars($string, $this->htmlSpecialCharsFlags, $this->encoding);
    }

So I will submit this to them too, but even if they implement it, CodeIgniter would still need to be able to pass the boolean to turn it on through the esc() function.

I submitted the PR to laminas/laminas-escaper https://github.com/laminas/laminas-escaper/pull/54 so we will see if they accept it.


RE: Add bool $doubleEncode = true optional parameter to esc() - kenjis - 03-25-2024

I don't think we need such an option.
It seems bad practice.
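

The `double_encode` behaviour discussed in this thread, as an added example that is not part of either post and not CodeIgniter or laminas-escaper code: it calls `htmlspecialchars()` directly with the fourth parameter on and off and checks whether the escaped output still displays the original input. The helper names `escapeBody()` and `rendered()` are hypothetical, the flag set `ENT_QUOTES | ENT_SUBSTITUTE` is assumed to match what laminas-escaper passes, and the sample strings are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: same flags laminas-escaper passes to htmlspecialchars().
const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

/** Hypothetical helper: HTML-body escaping with the proposed switch. */
function escapeBody(string $s, bool $doubleEncode = true): string
{
    return htmlspecialchars($s, FLAGS, 'UTF-8', $doubleEncode);
}

/** The text a reader would see once the escaped markup is decoded for display. */
function rendered(string $escaped): string
{
    return html_entity_decode($escaped, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    '& &',        // raw ampersands only
    '&amp; &',    // one existing entity plus one raw ampersand
    '&lt;b&gt;',  // entity text typed literally, e.g. in a comment about HTML
    '<b>',        // raw markup
];

foreach ($samples as $input) {
    foreach ([true, false] as $doubleEncode) {
        $out = escapeBody($input, $doubleEncode);
        printf(
            "%-12s doubleEncode=%-5s => %-20s displays-as-typed=%s\n",
            var_export($input, true),
            var_export($doubleEncode, true),
            $out,
            rendered($out) === $input ? 'yes' : 'NO'
        );
    }
}
```

With the fourth parameter set to `false`, any input that already contains a valid entity is passed through unchanged, so the page shows the decoded character rather than the text that was supplied; with the default `true`, every input round-trips.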