Page 1 of 1

Parameters not converted to HTML Entities

Posted: Sun Feb 08, 2009 5:32 pm
by bucabay
When rendering the values for parameters when you edit an extension, the parameters are not converted to HTML entities in the textarea. Because of this, you lose existing HTML entities.

The file that renders the HTML for the textarea parameters is:

/libraries/joomla/html/parameter/element/textarea.php

on line 43:

Code: Select all

$value = str_replace('<br />', "\n", $value);
Should be:

Code: Select all

$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
That would preserve the <br /> tags as well. At the moment, Joomla1.5 will just remove <br /> tags, and then later on convert any new lines to <br />. This has the effect of making it impossible to distinguish between a <br /> and a \n when retrieving parameters.

An example is the simple &

If you place that in a textarea parameter, then when you save it, it actually saves to the db as &. However, when rendered back to the textarea it is rendered in HTML as &. This is interpreted by the browser to represent a literal &. Thus when you save it again, you actually save & and not & to the database.

To preserve the character in HTML you have to convert & to &amp; before rendering to HTML. Thus the browser treats it as the literal &.

Re: Parameters not converted to HTML Entities

Posted: Thu Jul 16, 2009 7:23 pm
by GPRyan
bucabay wrote:To preserve the character in HTML you have to convert & to &amp; before rendering to HTML. Thus the browser treats it as the literal &.
Thank you Bucabay - wish I'd spotted your post several hours ago!
This solved my problem of disappearing 'amp;' in a custom html module. 8)