What is the easiest way to Html encode in PHP?
I've got encoded html where even tags are encoded into html entities
Some <b> bold </b> text
I'd like to display this as a spanned string in
TextView, however the only way to do it is using
val decoded = Html.fromHtml("").toString() // Some <b>bold</b> textval spanned = Html.fromHtml(decoded)
Is there cleaner way to do this?
I am getting confused with character encoding.
I understand people do things differently, but many suggest you should store your input in the database as it is entered, then deal with it when you are reading it in accordance with what you are planning to do with it. This makes sense to me.
So, if a user enters an apostrophe, double quote or ampersand, less than, greater than sign, these will be written in my database as ' " & < > respectively.
Now, reading the data with php, I am running the text through HTMLPurify to catch any injection issues.
Should I also htmlencode it? If I don't, it all appears OK (in Chrome and Firefox) but I am not sure if this is correct and will it display properly in other browsers?
If I use htmlentities with ENT_QUOTES, and htmlspecialchars, I start getting the codes coming through for these characters, which I believe is what I should see if looking at the page source, but not on the page the user sees.
The problem is, without doing the encoding, I am seeing what I want to see, but have this niggle in my mind, that I am not doing it correctly!
I'm developing an application for the iPhone that has inApp-mail sending capabilities. So far so good, but now I want to avoid html-injections as some parts of the mail are user-generated texts.
Basically I search for something like this:
// initsNSString *sourceString = [NSString stringWithString:@"Hello world! Grüße dich Welt <-- This is in German."];// ----- THAT'S WHAT I'M LOOKING FOR// pseudo-code |// VNSString *htmlEncodedString = [sourceString htmlEncode];// logNSLog(@"source string: %@", sourceString);NSLog(@"encoded string: %@", htmlEncodedString);
source string: Hello world! Grüße dich Welt <-- This is in German.
encoded string: Hello world! Grüße dich Welt <-- This is in German.
I already googled and looked through several of SO's questions and answers, but all of them seem to be related to URL-encoding and that's not what I really need (I tried
stringByAddingPercentEscapesUsingEncoding with no luck - it creates %C3%BC out of an 'ü' that should be an ü).
A code sample would be really great (correcting mine?)...
Thanks in advance,