[whatwg] base64 entities
and-py at doxdesk.com
Thu Aug 26 15:28:59 PDT 2010
On 08/26/2010 10:56 PM, Aryeh Gregor wrote:
> I don't know of any general-purpose way to have
> "</string>" in a string literal (or anywhere else),
A JSON encoder may offer the option to avoid HTML-special characters in
string literals, encoded as escapes like `\u003C`. This allows literals
element, so may or may not need HTML-encoding.
> other than splitting it up like "</scr" + "ipt>".
This is a common but wrong idiom that should be avoided; it won't
validate because in HTML4 the `</` sequence itself (ETAGO) ends a script
> elmt.innerHTML = 'Hi there<?php echo htmlspecialchars($name) ?>.';
Is a common error (security hole).
an entirely different proposition to encoding text for use in HTML
PHP offers no JS-string-literal-escape function. `addslashes` is very
close, but won't handle some cases with non-ASCII characters correctly.
Better to use `json_encode` to transfer the string, then write as text:
elmt.textContent = <?php echo json_encode('Hi there, '+$name,
(assuming innerText or Text Node backup for IE/older browsers.)
A 'magic' escaping feature that will somehow guess what sort of encoding
the author means is wishful (impossible) thinking. A base64-encoded
mailto:and at doxdesk.com
More information about the whatwg