Brett Zamir
Feb 12th

   @hacksmw: When I try

1

alert(htmlspecialchars_decode('& amp;#9787;'))

hacksmw
Feb 11th

  htmlspecialchars_decode function in PHP doesn't work recursive.
but this function is too recursive.
so "& amp; #9787;" will not be converted by this function as "& #9787;"
however, it will be converted as "☻"
on the other hand,
the function in php will convert it as "&# 9787;"

(
i can't delete my old comment.
so, i wrote this comment once again :(
)

hacksmw
Feb 11th

  htmlspecialchars_decode function in PHP doesn't work recursive.
but this function is too recursive.
so "& #9787;" will not be converted by this function as "& #9787;"
however, it will be converted as "☻"
on the other hand,
the function in php will convert it as "&# 9787;"

(
i can't delete my old comment.
so, i wrote this comment once again :(
)

Brett Zamir
7 Dec '09

  @Felix: Thanks for the feedback. Yes, I pushed earlier to the git repo with the fix. Was my oversight as I was testing in Firefox which doesn't have a problem with trailing commas. htmlspecialchars_decode() also had the issue which I fixed as well. Thanks again!

felix
6 Dec '09

  problem solved.. wrong synthax in in row 38/39.. after "'ENT_IGNORE' : 4" there's a comma but it shouldnt be there ^^

felix
5 Dec '09

  Hi,

seems that the script has problems with ie6 + 7 .. here the browser says "object expected" in line 41/42... ???

also.. does this function work with utf-8 ?

Kevin van Zonneveld
3 Jul '09

  @ T.Wild: Hey man. Thanks a lot for testing this. I've patched it in SVN, and things will be online shortly

T.Wild
2 Jul '09

  Sorry, just to be clear that's moving the line over at
get_html_translation_table

T.Wild
2 Jul '09

   A Frank Forte posted over on strtr (http://phpjs.org/functions/strtr:556#comment_75192) that htmlspecialcharacters is encoding ampersands after encoding other characters.
so < test > becomes andamp;lt test andamp;gt
I've confirmed this myself, and his fix of moving the line

1

entities['38'] = '&';

1

if (useTable === 'HTML_ENTITIES')

Kevin van Zonneveld
15 Jan '09

  @ Guilherme Mello: Could you please provide the output you get in php & js?

Guilherme Mello
14 Jan '09

  If you try htmlspecialchars in PHP with this example, you're going to have a different conversion with javascript:

use the string : FS'IG'IKU"UJHFE

Kevin van Zonneveld
7 Jan '09

  @ Ashley Broadley: Thanks for noticing!
I guess the &amp; character must be the last character when decoding, but the first when encoding!

Ashley Broadley
7 Jan '09

  OK, I seem to have fixed this problem.
It turned out that the & symbol was at the bottom of the ascii decimal array in 'get_html_translation_table'. I simply moved it to the top and now everything is fine.

Can you test and confirm by emailing me?

Thanks
Ashley

Ashley Broadley
7 Jan '09

  I really find the idea of the php.js fantastic! I for one am very impressed with everyones work!

I have noticed a problem with the htmlentities (not sure if it applies to htmlspecialchars):

testing all the available symbols on my keyboard (£, <, >, ', " and such) i alert()'ed the supposedly encoded string and found that all ampersands were encoded, so "&pound;" would be "&amp;pound;" which then on a html page would echo "&pound;" and not "£" as it should.

im not a pro so im not sure whats causing the the bug.

just thought i would let you know!

Kevin van Zonneveld
13 Nov '08

  @ atv: I'm not able to reproduce that behavior here. Also, if I run that test, my single quotes are being replaced by #039; entities.

Are you sure you're running our latest version?

atv
11 Nov '08

   Today, 2008-11-11, this function encodes the string twice, so the output of such code

1

htmlspecialchars("<a href='test'>Test</a>", 'ENT_QUOTES')

Kevin van Zonneveld
20 Oct '08

  @ Philip Peterson: It's been decided some time ago that we do not want global dependencies (like constants). The method to implement these is to have the functions accept both the integer representation of the constants (leaving it compatible) and the constant as string (for usability).
I've done some work on merging get_html_translation_table, htmlentities & htmlspecialchars and their counterparts, check it out if your like.

Philip Peterson
15 Oct '08

   Here's an proposed implementation of get_html_translation_table. I do have a small problem though, which probably has a simple solution, and I used the actual integer values for constants instead of ENT_QUOTES, etc. ... would it not be more practical to do so, really, maybe have an optional "CONSTANTS" section in php.js?

Oh well, here's my code:

1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24

HTML_SPECIALCHARS=0;
HTML_ENTITIES=1;
ENT_COMPAT=2;
ENT_QUOTES=3;
 function get_html_translation_table(table, quote_style)
{
retarr=[];
if(table==0)
{if(quote_style == 2 || quote_style == 3)
{
  retarr=['"':'&quot', '\'':''', '<':'<', '>':'>', '&':'&'];
}
if(quote_style == 2){
  // remove the ' entry
}
}
else if(table==1){
  // Do the same thing as table == 0, but with the huge list of characters found by calling get_html_translation_table(1)
}
}

Kevin van Zonneveld
18 Jul '08

  @ Arno: Thank you for correcting me. It should be okay now.

Arno
1 Jul '08

   I just see that your example here is wrong too. Here is the corrected version:

This is how you could call htmlspecialchars()

1

htmlspecialchars("<a href='test'>Test</a>", 'ENT_QUOTES');

Arno
1 Jul '08

   First of all thanks for this great work, does really help a lot.

However this issue doesn't seem fixed yet.

As Nathan already pointed out, you have to remove the single quotes in your regexp. so that it reads

1

string = string.replace(/</g, '<');

Kevin van Zonneveld
31 May '08

  @ Nathan: Thanks for pointing this out, fixed.

Nathan
26 May '08

  The source code doesn't work at all. There are two errors.
To fix it try this:

var reg=/&/g
string=string.replace(reg, '&amp;');