LaravelCollective / html

HTML and Form Builders for the Laravel Framework
MIT License

Single/double encoding of form values #549

Open rudiedirkx opened 6 years ago

rudiedirkx commented 6 years ago

Let's say I have a form with translations. One of the translations explains how to fill in some field:

Use <span> to highlight numbers.

I want the <span> to actually show as <span>, not as invisible HTML tag, so I type <code>&lt;span&gt;</code> to make that obvious. See how Github keeps this HTML?

Since textarea() doesn't double encode, my HTML is changed to <code><span></code> when I load the form, which makes the span an invisible HTML element, not a readable instruction. The form builder decides I don't mean &lt;span&gt;, but <span>. That's weird, because I just entered the other one. So the form builder is changing what I enter.

I understand some people want this, because they can't get their html encoding straight. For labels and descriptions, I understand. For actual form values, I don't.

Even Laravel's e() has changed to default double encode, because it's more correct. Maybe make it configurable for people who want correct HTML encoding? Many of my translation forms are now broken, because the form builder keeps changing values.

This has been an issue before, but then there was understandable outrage from people who do expect this. Maybe fix it in such a way that doesn't change anything by default, but that I can enable?

rudiedirkx commented 6 years ago

For value attributes in input this might be impossible, because every attribute is treated equally, so you can't single encode title but double encode value. At least for textarea it's easy, because it's an explicit e().
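
The round trip described in the two comments above, as an added example that is not part of the thread or of LaravelCollective's code: plain PHP `htmlspecialchars()` with its `double_encode` argument off and on. The helper names, the field name and the sample string are constructed for illustration; `browser_value()` approximates a browser by decoding character references once.

```php
<?php
// Added example: hypothetical helpers, not the form builder's own implementation.

// Render a textarea, escaping the value with or without double encoding.
function render_textarea(string $name, string $value, bool $doubleEncode): string
{
    $attr = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    // With $doubleEncode = false, entities already present in $value
    // (e.g. "&lt;") are left untouched instead of becoming "&amp;lt;".
    $body = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $doubleEncode);

    return "<textarea name=\"{$attr}\">{$body}</textarea>";
}

// Approximate what the browser puts in the field and submits back:
// the textarea content with character references decoded exactly once.
function browser_value(string $html): string
{
    preg_match('~<textarea[^>]*>(.*)</textarea>~s', $html, $m);

    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample: the translation text the user typed and saved.
$stored = 'Use <code>&lt;span&gt;</code> to highlight numbers.';

foreach ([false, true] as $doubleEncode) {
    $html      = render_textarea('translation', $stored, $doubleEncode);
    $submitted = browser_value($html);

    printf(
        "double_encode=%s\n  markup:    %s\n  submitted: %s\n  unchanged: %s\n\n",
        var_export($doubleEncode, true),
        $html,
        $submitted,
        var_export($submitted === $stored, true)
    );
}
```

Both variants escape the raw `<code>` tag, so neither emits live markup; only the double-encoded form hands the stored string back unchanged when the form is submitted.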

rudiedirkx commented 6 years ago

Doesn't anyone type their HTML templates in a textarea rendered by laravelcollective/html? That's just impossible with this bug/feature. Maybe nobody does. I don't.

bsesic commented 5 years ago

I got the same issue assigning a class to a form, with: ['class' => 'form-control']