Nahser Bakht
Reputation: 930
htmlentities and json_encode, do I need to use htmlentities if using json_encode which escapes data?
htmlentities and json_encode, do I need to use htmlentities if using json_encode which escapes data?
is this enough - json_encode escapes data
echo json_encode( $items );
or do this use htmlentities to escape data:
foreach ( $data as $d ) {
$items[] = htmlentities( $d );
}
echo json_encode( $items );
client-side: JQuery ajax :
$('#textbox').attr( 'value', variable );
Upvotes: 2
Views: 1761
Answers (1)
Brad
Reputation: 6342
In general, you should not need to use htmlentities().
I'm assuming you're using this in the context of an ajax handler? If so, you're biggest concern will be what exactly your calling script is expecting back. If you're handling the JSON response appropriately, there is no need to do anything besides json_encode().
Upvotes: 1
Related Questions
- Is it acceptable to use htmlentities() before passing data to JavaScript?
- Is json_encode Sufficient XSS Protection?
- Escape html data inside JSON string using PHP or WordPress
- Proper way to escape json data in PHP without using JS comment hack
- Do i need to apply htmlspecialchars / htmlentites on json array?
- PHP AJAX call to MySQL database. How to properly escape HTML data returned (json_encode) to page?
- Using HTMLSPECIALCHARS on JSON results - needed?
- Security benefits of encoding HTML special characters in JSON responses
- do I need to escape_string for a json_encoded object?
- What is the correct encoding / escaping / htmlentities needed when sending data from js to php, php to mysql, and for REST json responses