Non UTF-8 encoding and PHP5.4

phptal / PHPTAL

PHP Template Attribute Language — template engine for XSS-proof well-formed XHTML and HTML5 pages

http://phptal.org

GNU Lesser General Public License v2.1

176 stars 42 forks source link

Non UTF-8 encoding and PHP5.4 #11

Closed tanakahisateru closed 12 years ago

tanakahisateru commented 12 years ago

PHP5.4 has changed its internal encoding to utf-8 from latin-1 compatible multibyte. Then we got a problem to use htmlspecialchars with traditional CJK encodings as internal encoding. Calling htmlspecialchars without 3rd argument would be failed and return empty (or broken) string if non utf-8 text had been passed to it.

PHPTAL has setEncoding() but it was bit untrusted until PHP5.4. To avoid htmlspecialchars problem, now we should consider the encoding when calling htmlspecialchars if setEncoding() alive.

tanakahisateru commented 12 years ago

This issue seems closed.

tanakahisateru commented 12 years ago

ENT_NOQUOTES may be better choice just for only CDATA node.

tanakahisateru commented 12 years ago

Well, my change had broken consistency...

When $value = '"quoted"' currently:

<p><![[CDATA ${value} ]]></p> ===> <p>"quoted"</p>
<p>${value}</p> ===> <p>&quot;quoted&quot;</p>

but better behavior that I think more consistent is:

<p><![[CDATA ${value} ]]></p> ===> <p>&quot;quoted&quot;</p>
<p>${value}</p> ===> <p>&quot;quoted&quot;</p>

(Though <p>"quoted"</p> is beautiful but it allowed in plain text node only, and to detect where the value would be used in is so difficult.)

tanakahisateru commented 12 years ago

I close this issue not to change more. If something to be fixed would be there, I will assign a new issue number to it.