Add bool $doubleEncode = true optional parameter to esc()
#1

(This post was last modified: 03-25-2024, 08:57 AM by objecttothis. Edit Reason: Match PSR variable names in camelCase )

Current behavior is
PHP Code:
    echo esc('&amp; &'); //returns '&amp;amp; &amp;'

Please modify esc() to allow
PHP Code:
    echo esc('&amp; &', 'html', 'utf-8', false); //returns '&amp; &amp;'

This would require modifying the function signature to

PHP Code:
    function esc($data, string $context = 'html', ?string $encoding = null, bool $doubleEncode = true)

and the business logic of the function would mimic the behavior of htmlentities()'s fourth parameter, which only encodes special characters that are not part of an HTML encoding. I see that CodeIgniter is just calling laminas-escaper, and laminas-escaper in that context is just calling htmlspecialchars():
PHP Code:
    /**
    * Escape a string for the HTML Body context where there are very few characters
    * of special meaning. Internally this will use htmlspecialchars().
    *
    * @return string
    */
    public function escapeHtml(string $string)
    {
        return htmlspecialchars($string, $this->htmlSpecialCharsFlags, $this->encoding);
    }

So I will submit this to them too, but even if they implement it, CodeIgniter would still need to be able to pass the boolean to turn it on through the esc() function.

I submitted the PR to laminas/laminas-escaper https://github.com/laminas/laminas-escaper/pull/54 so we will see if they accept it.
Reply
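
The behaviour requested in post #1, shown with plain htmlspecialchars() as an added example (not code from the thread, CodeIgniter or laminas-escaper). The helpers `escapeBody()`, `displayed()` and `compare()` and the sample strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

// Hypothetical wrapper (not CodeIgniter's esc()): HTML-body escaping with
// htmlspecialchars()'s fourth parameter (double_encode) exposed.
function escapeBody(string $text, bool $doubleEncode = true): string
{
    return htmlspecialchars($text, FLAGS, 'UTF-8', $doubleEncode);
}

// Approximates what a browser displays for escaped markup: entities decoded once.
function displayed(string $escaped): string
{
    return html_entity_decode($escaped, FLAGS, 'UTF-8');
}

// Escape one input in both modes and report whether the reader would see
// exactly the text that was submitted.
function compare(string $input): array
{
    $rows = [];
    foreach ([true, false] as $doubleEncode) {
        $escaped = escapeBody($input, $doubleEncode);
        $rows[] = [
            'doubleEncode' => $doubleEncode,
            'escaped'      => $escaped,
            'displayed'    => displayed($escaped),
            'faithful'     => displayed($escaped) === $input,
        ];
    }
    return $rows;
}

// Constructed sample inputs.
$samples = [
    '&amp; &',              // pre-escaped fragment followed by a bare ampersand
    'Type &lt; to print <', // user text that mentions an entity literally
];

foreach ($samples as $input) {
    echo "input: {$input}\n";
    foreach (compare($input) as $row) {
        printf("  doubleEncode=%-5s escaped=%-30s displayed=%-22s faithful=%s\n",
            var_export($row['doubleEncode'], true), $row['escaped'],
            $row['displayed'], var_export($row['faithful'], true));
    }
}
```

With double encoding turned off the output is still inert in the HTML body, but text that already contains an entity is displayed decoded, so the inputs `<` and `&lt;` become indistinguishable to the reader. That mode is therefore only appropriate for data known to be already escaped, not for raw user input.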
#2

I don't think we need such an option.
It seems bad practice.
Reply



