[pmwiki-users] Foxedit and special characters

[Hans]

Saturday, January 17, 2009, 9:00:45 PM, James DeVain wrote:

> Hans (or anyone else who might know), I wanted foxedit's edit form to
> not display character codes instead of HTML characters (for example,
> it would display "<" as "&lt;"). I couldn't figure out a way to change
> it in my config file, so I just changed foxedit.php, line 84, from:

> ...('$','&#036;',htmlspecialchars($text,ENT_NOQUOTES));       

> to:

> ...('$','&#036;',htmlspecialchars_decode($text,ENT_NOQUOTES));  

> Do you see any problem with this? Or is there a better way to handle it?

foxedit.php uses
htmlspecialchars($text,ENT_NOQUOTES)
on input text for preventing user-supplied text from containing HTML
markup, such as in a forum or commentbox application.
What you propose to do will remove this security measure.

In my working with foxedit i do not see HTML character codes
displayed in a wiki page or in a textarea form called by foxedit.
I can see it only by looking at the HTML page source.

not sure why it will show in your edit area as HTML code.
What browser do you use? I suspect some browser setting perhaps will
not decode the HTML characters in a textarea, but will show them
plain.
I use Firefox in general.


  ~Hans