I'm using HTMLFilter (http://linux.duke.edu/projects/mini/htmlfilter/) to
safely allow certain HTML tags as user input to be displayed later. I use
htmlspecialchars() to display this text in a textarea during editting, so
everything displays as valid XHTML at this stage, without any user
However if the user inputs a HTML entity (&, " or ' for example), it gets
saved as is to the DB - and displays fine as XHTML in a textarea - but
when output to a browser at the viewing stage (as opposed to the editting
stage) - these bare entities are not valid XHTML and need converting. I
can do this either at the saving to DB stage or just before outputting to
However I can't blindly convert all HTML entities found to their relative
values anymore using htmlspecialchars(), as some of the entities may be
inside the tags that the user has input, and I don't want these converted.
ie. user inputs <a href="whatever.html" target='new_target'>"my amazin'
links & stuff"</a>
needs to be converted to <a href="whatever.html"
target='new_target'>"my amazin' links & stuff"</a>
Any ideas? I'm new to PHP and would rather not re-invent any wheels.
Thanks in advance
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!