Wednesday, December 01, 2004

htmlspecialchars() bug in

Found a strange htmlspecialchars() bug in

The title of my blog is <?php echo 'R. Rajesh Jeba Anbiah'; ?>, but doesn't convert the html entities in the title when it spits out. Because of this bug, the title doesn't appear in my blog--browser just treats it as a broken html tag. This bug could have been fixed by using htmlspecialchars(), if it's powered by PHP.

Also, I noticed that this compose box eats any text entered as such.

I'm going to report this bug.
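The difference between emitting the title raw, stripping tags from it, and escaping it, as an added example that is not part of the original post and not the blogging platform's code. The `render_*` and `visible_text` helpers are hypothetical, and `visible_text` is only a rough stand-in for what a browser would display.

```php
<?php
// Added illustration. The title string is the one quoted in the post;
// every function name here is hypothetical.

$title = "<?php echo 'R. Rajesh Jeba Anbiah'; ?>";

// Title written into the header with no output encoding.
function render_raw(string $t): string
{
    return '<h1>' . $t . '</h1>';
}

// Title passed through strip_tags(): markup-looking input is discarded.
function render_stripped(string $t): string
{
    return '<h1>' . strip_tags($t) . '</h1>';
}

// Title encoded for an HTML text context: the characters survive as entities.
function render_escaped(string $t): string
{
    return '<h1>' . htmlspecialchars($t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h1>';
}

// Rough approximation of the text a reader would see: drop anything parsed
// as a tag, then decode the entities that remain.
function visible_text(string $html): string
{
    return html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
}

$renderers = [
    'raw'      => 'render_raw',
    'stripped' => 'render_stripped',
    'escaped'  => 'render_escaped',
];

foreach ($renderers as $name => $fn) {
    $html  = $fn($title);
    $shown = visible_text($html);
    printf("%-8s markup : %s\n", $name, $html);
    printf("%-8s visible: %s\n", $name, var_export($shown, true));
    printf("%-8s title preserved: %s\n\n", $name, $shown === $title ? 'yes' : 'no');
}
```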


lawrence krubner said...

What do you mean the compose box eats your text? Do you mean PHP text? They are probably using strip_tags() or something, yes? For security?

R. Rajesh Jeba Anbiah said...

Yes, lawrence krubner. They may be stripping html tags. But, the compose box is really buggy. If you switch between "Edit HTML", "Compose" and "Preview", sometimes some of your text will vanish suddenly.

This htmlspecialchars() bug appears only in blog title/header; in all other places they're converting it to proper html entities.