#19 Smart escaping of feed/item URLs

open
nobody
None
5
2004-06-30
2004-06-30
Brian S
No

There are some cases that I've run into where feed/item
URLs might end up double-escaped. This is easy enough
to read past in the link title, but it breaks the link
itself in a way that's pretty annoying.

What I did was to add a "smart escape" function to
init.php and call this function in both view.php files
instead of htmlspecialchars() when getting feed/item
URLs ready to send to the browser. The function is as
follows:

function fof_escape_link_url($url)
{
$url = str_replace("%26amp%3B", "%26", $url);

if (strstr($url, "&"))
return $url; // At a glance, this is
already escaped

return htmlspecialchars($url);
}

Typically, if a URL has already been escaped enough, it
will contain "&" entities that reflect that. While
those aren't necessary for most browsers, that isn't
truly valid HTML. The first line of the function fixes
things related to at least one broken feed that I keep
up with, and doesn't seem to affect anything else so far.

Discussion