HTML_QuickForm addOptions Value and htmlspecialchars
in [PEAR]
|
From: led_belly on 31 Aug 2006 18:20 I am currently trying to create a select menu using HTML_Quickform but addOption seems to be replacing my values with HTML characters. Take for example the following: $select->addOption($name, 'ga_merchants.php?op=deals&id=' . $id); When processed, the markup for the option is as follows: <option value="ga_merchants.php?op=deals&id=1963">Test Item</option> I am using javascript to load new content when an option is selected so the value of the option must be a valid URI (i.e.: I need '&' NOT '&'). Any suggestions? -- View this message in context: http://www.nabble.com/HTML_QuickForm-addOptions-Value-and-htmlspecialchars-tf2199595.html#a6089394 Sent from the Pear - General forum at Nabble.com.
From: Alexey Borzov on 31 Aug 2006 18:25 Hi, led_belly wrote: > When processed, the markup for the option is as follows: > > <option value="ga_merchants.php?op=deals&id=1963">Test Item</option> > > I am using javascript to load new content when an option is selected so the > value of the option must be a valid URI (i.e.: I need '&' NOT '&'). > > Any suggestions? There is a javascript function in recent HTML_QuickForm_hierselect for unescaping the HTML entities.
From: "Justin Patrin" on 31 Aug 2006 22:49 On 8/31/06, Alexey Borzov <borz_off(a)cs.msu.su> wrote: > Hi, > > led_belly wrote: > > When processed, the markup for the option is as follows: > > > > <option value="ga_merchants.php?op=deals&id=1963">Test Item</option> > > > > I am using javascript to load new content when an option is selected so the > > value of the option must be a valid URI (i.e.: I need '&' NOT '&'). > > > > Any suggestions? > > There is a javascript function in recent HTML_QuickForm_hierselect for > unescaping the HTML entities. > I'd just like to point out that & is not valid by itself in XHTML (and not HTML, IIRC). It *has* to be escaped as & in order to be valid. Note that this is also done to avoid XSS (Cross Site Scripting) attacks. Your browser *should* be replacing the & with & in the real value, but this may be one of the places (in JS) where the value stays as the original even though it technically shouldn't. When the value is *submitted* again, however, it will almost surely be & and not & -- Justin Patrin
|
Pages: 1 Prev: DB_DataObject and specific mysql client encoding Next: MDB2 over DB |