Klipp Ohei
Reputation: 385
htmlentities shows all chars but doesn't execute them
I currently have the problem that the htmlentities function shows all the special chars like <, >, ", ' and the function doesn't convert them to something like '.
However it doesn't execute things like <script>alert("test");</script>, it just displays it.
Is there any problem? If yes, how can I solve this?
My primary intention behind the htmlentities things is to be 100% safe against XSS attacks.
Example Code
$string = '<script>alert("test");</script>';
echo htmlentities($string, ENT_QUOTES, 'UTF-8');
Upvotes: 0
Views: 25
Answers (1)
Jacob
Reputation: 2767
You won't see the character codes unless you view the page source, because your browser is automatically converting the encoded characters for readability.
The fact that you can see them means that they are escaped and rendering properly.
Upvotes: 2
Related Questions
- htmlentities returning empty string
- PHP htmlentities not working even with parameters
- php htmlentities showing utf-8 encoded characters
- htmlentities destroys utf-8 strings
- Encoding problem when using htmlentities method
- htmlspecialchars + htmlentities not working
- htmlentities() returns nothing
- htmlentities() not working properly on web hosting server
- PHP htmlentities() not working as expected
- PHP: htmlentities not working with variable