View previous topic :: View next topic |
Author |
Message |
NuAlpha Smarty Regular
Joined: 08 Jan 2004 Posts: 71 Location: US
|
Posted: Fri Jul 22, 2005 6:57 pm Post subject: Escape double and single quotes |
|
|
Oddly it seems that when using {$foo|escape:'quotes'} Smarty will only escape single quotes instead of both single and double quotes. This is problematic with HTML attributes that need the " changed to "e;.
Double quotes can be escaped using {$foo|escape:'html'} but then that introduces its own problem by way of double escapement. For instance, if $foo contains the value: 12" FooBar™ Action Figure
If all HTML is escaped then that & becomes ™ which prevents the TM symbol from rendering. This is useful for such things a "title" or "alt" attribute that is dynamically filled.
Is there any solution to this other than doing the following on every attribute that could possibly have HTML entities already decoded?
{$foo|escape:'html'|regex_replace:'/&[A-z0-9#]+;([A-z0-9#]+);/i':'&\\1;'} _________________ Smarty -> v2.6.11
PHP -> v5.2.1
Last edited by NuAlpha on Tue Jul 26, 2005 5:10 pm; edited 3 times in total |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Fri Jul 22, 2005 9:32 pm Post subject: |
|
|
did you try {$foo|escape:'htmlall'} ? |
|
Back to top |
|
NuAlpha Smarty Regular
Joined: 08 Jan 2004 Posts: 71 Location: US
|
Posted: Fri Jul 22, 2005 9:54 pm Post subject: |
|
|
mohrt wrote: | did you try {$foo|escape:'htmlall'} ? |
That would have the same double-escapement problem, I believe, as {$foo|escape:'html'}. _________________ Smarty -> v2.6.11
PHP -> v5.2.1 |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Fri Jul 22, 2005 10:03 pm Post subject: |
|
|
I see. Smarty escape:quotes only escapes single quotes. Your best bet is to write a custom modifier:
{$foo|escape_quotes}
Which does exactly what you want. |
|
Back to top |
|
NuAlpha Smarty Regular
Joined: 08 Jan 2004 Posts: 71 Location: US
|
Posted: Wed Jul 27, 2005 2:41 am Post subject: |
|
|
Okay, I did just that. I was just hoping there was already something available.
Code: | <?php
/**
* Smarty plugin
* @package Smarty
* @subpackage plugins
*/
/**
* Smarty escape_quotes modifier plugin.
*
* Type: modifier<br />
* Name: escape_quotes<br />
* Purpose: Escape both double and single quotes.
* @author bjoshua
* @link http://www.phpinsider.com/smarty-forum/viewtopic.php?p=22951
* @param string $string
* @return string
* @version $Revision: 1.0.0 $
*/
function smarty_modifier_escape_quotes($string) {
$string = preg_replace('/"/', '"', $string);
return preg_replace("/'/", "\\\'", $string);
}
?> |
For any Smarty code developers, feel free to use this ever so simple code as you wish or include it in the official Smarty release if you are in that position. _________________ Smarty -> v2.6.11
PHP -> v5.2.1 |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Wed Jul 27, 2005 8:38 am Post subject: |
|
|
FWIW: for such simple replacements better use str_replace or strtr, instead of pcre. like [php:1:8a0b48feff]return strtr($string, array('"' => '& quot;', '\'' => '\\\''));[/php:1:8a0b48feff] |
|
Back to top |
|
NuAlpha Smarty Regular
Joined: 08 Jan 2004 Posts: 71 Location: US
|
Posted: Thu Jul 28, 2005 7:44 pm Post subject: |
|
|
messju wrote: | FWIW: for such simple replacements better use str_replace or strtr, instead of pcre. like [php:1:6ccdacf0d4]return strtr($string, array('"' => '"', '\'' => '\\\''));[/php:1:6ccdacf0d4] |
Definately faster. Thanks for pointing that out. Took an average of 0.000020 seconds to execute for strstr() and 0.000028 seconds to execute for preg_replace().
Here is the updated version.
Code: | <?php
/**
* Smarty plugin
* @package Smarty
* @subpackage plugins
*/
/**
* Smarty escape_quotes modifier plugin.
*
* Type: modifier<br />
* Name: escape_quotes<br />
* Purpose: Escape both double and single quotes.
* @author bjoshua
* @link http://www.phpinsider.com/smarty-forum/viewtopic.php?p=22818
* @param string $string
* @version $Revision: 1.1.1 $
* @return string
*/
function smarty_modifier_escape_quotes($string) {
return strtr($string, array('"' => '"', '\'' => '\\\''));
}
?> |
Also, I find it odd that no matter what I do, except follow the ampersand with a space, I can't post any HTML entity code within a [ php ] code block in these forums. It always turns into & amp; instead of the code I used. Further more, greater than signs don't show at all. They are transformed to an ampersand if the entity code is used and simply stripped in both [ php ] and [ code ] blocks. _________________ Smarty -> v2.6.11
PHP -> v5.2.1
Last edited by NuAlpha on Fri Jan 13, 2006 8:18 pm; edited 1 time in total |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Thu Jul 28, 2005 8:22 pm Post subject: |
|
|
NuAlpha wrote: | Also, I find it odd that no matter what I do, except follow the ampersand with a space, I can't post any HTML entity code within a [ php ] code block in these forums. It always turns into & amp; instead of the code I used. Further more, greater than signs don't show at all. They are transformed to an ampersand if the entity code is used and simply stripped in both [ php ] and [ code ] blocks. |
you just found out that phpbb (or at least it's php-highlight-extension) sucks. be sure you are not alone |
|
Back to top |
|
Siena Smarty n00b
Joined: 17 Oct 2007 Posts: 1
|
Posted: Wed Oct 17, 2007 11:38 pm Post subject: |
|
|
{assign var='value' value=$value|replace:'"':'"'} |
|
Back to top |
|
|