Smarty Forum Index Smarty
The discussions here are for Smarty, a template engine for the PHP programming language.

Escape double and single quotes

 
Post new topic   Reply to topic    Smarty Forum Index -> General
View previous topic :: View next topic  
Author Message
NuAlpha
Smarty Regular


Joined: 08 Jan 2004
Posts: 71
Location: US

PostPosted: Fri Jul 22, 2005 6:57 pm    Post subject: Escape double and single quotes Reply with quote

Oddly it seems that when using {$foo|escape:'quotes'} Smarty will only escape single quotes instead of both single and double quotes. This is problematic with HTML attributes that need the " changed to &quote;.

Double quotes can be escaped using {$foo|escape:'html'} but then that introduces its own problem by way of double escapement. For instance, if $foo contains the value: 12" FooBar™ Action Figure

If all HTML is escaped then that & becomes ™ which prevents the TM symbol from rendering. This is useful for such things a "title" or "alt" attribute that is dynamically filled.

Is there any solution to this other than doing the following on every attribute that could possibly have HTML entities already decoded?
{$foo|escape:'html'|regex_replace:'/&[A-z0-9#]+;([A-z0-9#]+);/i':'&\\1;'}
_________________
Smarty -> v2.6.11
PHP -> v5.2.1


Last edited by NuAlpha on Tue Jul 26, 2005 5:10 pm; edited 3 times in total
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7365
Location: Lincoln Nebraska, USA

PostPosted: Fri Jul 22, 2005 9:32 pm    Post subject: Reply with quote

did you try {$foo|escape:'htmlall'} ?
Back to top
View user's profile Send private message Visit poster's website
NuAlpha
Smarty Regular


Joined: 08 Jan 2004
Posts: 71
Location: US

PostPosted: Fri Jul 22, 2005 9:54 pm    Post subject: Reply with quote

mohrt wrote:
did you try {$foo|escape:'htmlall'} ?


That would have the same double-escapement problem, I believe, as {$foo|escape:'html'}.
_________________
Smarty -> v2.6.11
PHP -> v5.2.1
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7365
Location: Lincoln Nebraska, USA

PostPosted: Fri Jul 22, 2005 10:03 pm    Post subject: Reply with quote

I see. Smarty escape:quotes only escapes single quotes. Your best bet is to write a custom modifier:

{$foo|escape_quotes}

Which does exactly what you want.
Back to top
View user's profile Send private message Visit poster's website
NuAlpha
Smarty Regular


Joined: 08 Jan 2004
Posts: 71
Location: US

PostPosted: Wed Jul 27, 2005 2:41 am    Post subject: Reply with quote

Okay, I did just that. I was just hoping there was already something available.
Code:
<?php
/**
 * Smarty plugin
 * @package Smarty
 * @subpackage plugins
 */


/**
 * Smarty escape_quotes modifier plugin.
 *
 * Type:     modifier<br />
 * Name:     escape_quotes<br />
 * Purpose:  Escape both double and single quotes.
 * @author bjoshua
 * @link http://www.phpinsider.com/smarty-forum/viewtopic.php?p=22951
 * @param string $string
 * @return string
 * @version $Revision: 1.0.0 $
 */
function smarty_modifier_escape_quotes($string) {
   $string = preg_replace('/"/', '&quot;', $string);
   return preg_replace("/'/", "\\\'", $string);
}

?>


For any Smarty code developers, feel free to use this ever so simple code as you wish or include it in the official Smarty release if you are in that position. Wink
_________________
Smarty -> v2.6.11
PHP -> v5.2.1
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Wed Jul 27, 2005 8:38 am    Post subject: Reply with quote

FWIW: for such simple replacements better use str_replace or strtr, instead of pcre. like [php:1:8a0b48feff]return strtr($string, array('"' => '& quot;', '\'' => '\\\''));[/php:1:8a0b48feff]
Back to top
View user's profile Send private message Send e-mail Visit poster's website
NuAlpha
Smarty Regular


Joined: 08 Jan 2004
Posts: 71
Location: US

PostPosted: Thu Jul 28, 2005 7:44 pm    Post subject: Reply with quote

messju wrote:
FWIW: for such simple replacements better use str_replace or strtr, instead of pcre. like [php:1:6ccdacf0d4]return strtr($string, array('"' => '&quot;', '\'' => '\\\''));[/php:1:6ccdacf0d4]


Definately faster. Thanks for pointing that out. Took an average of 0.000020 seconds to execute for strstr() and 0.000028 seconds to execute for preg_replace().

Here is the updated version.

Code:
<?php
/**
 * Smarty plugin
 * @package Smarty
 * @subpackage plugins
 */


/**
 * Smarty escape_quotes modifier plugin.
 *
 * Type:     modifier<br />
 * Name:     escape_quotes<br />
 * Purpose:  Escape both double and single quotes.
 * @author bjoshua
 * @link http://www.phpinsider.com/smarty-forum/viewtopic.php?p=22818
 * @param string $string
 * @version $Revision: 1.1.1 $
 * @return string
 */
function smarty_modifier_escape_quotes($string) {
   return strtr($string, array('"' => '&quot;', '\'' => '\\\''));
}

?>


Also, I find it odd that no matter what I do, except follow the ampersand with a space, I can't post any HTML entity code within a [ php ] code block in these forums. It always turns into & amp; instead of the code I used. Further more, greater than signs don't show at all. They are transformed to an ampersand if the entity code is used and simply stripped in both [ php ] and [ code ] blocks.
_________________
Smarty -> v2.6.11
PHP -> v5.2.1


Last edited by NuAlpha on Fri Jan 13, 2006 8:18 pm; edited 1 time in total
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Thu Jul 28, 2005 8:22 pm    Post subject: Reply with quote

NuAlpha wrote:
Also, I find it odd that no matter what I do, except follow the ampersand with a space, I can't post any HTML entity code within a [ php ] code block in these forums. It always turns into & amp; instead of the code I used. Further more, greater than signs don't show at all. They are transformed to an ampersand if the entity code is used and simply stripped in both [ php ] and [ code ] blocks.


you just found out that phpbb (or at least it's php-highlight-extension) sucks. be sure you are not alone Wink
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Siena
Smarty n00b


Joined: 17 Oct 2007
Posts: 1

PostPosted: Wed Oct 17, 2007 11:38 pm    Post subject: Reply with quote

{assign var='value' value=$value|replace:'"':'&quot;'}
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Smarty Forum Index -> General All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP