WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#22668 closed feature request (invalid)

Introduce esc_attr() reverted function

Reported by: alexvorn2
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Formatting
Keywords: close
Focuses:
Cc:

Description

A function that will decode

&amp;lt; &amp;gt; &amp;amp; &amp;quot; &amp;#039;

to

< > & " '

(less than, greater than, ampersand, double quote, single quote).

Change History (4)

comment:1 @dd32 3 years ago

  • Keywords close added
  • Type changed from defect (bug) to feature request

Sounds like you're after html_entity_decode()

comment:2 @nacin 3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

comment:3 in reply to: ↑ 1 @alexvorn2 3 years ago

Replying to dd32:

> Sounds like you're after html_entity_decode()

This function does not work for the single quote.

If such a function exists - esc_attr() - then logically there should also exist a reverted function like capture_attr() or cap_attr() for such a task.

function esc_attr():

function esc_attr( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
	return apply_filters( 'attribute_escape', $safe_text, $text );
}

function cap_attr():

function cap_attr( $text ) {
	$safe_text = wp_specialchars_decode( $text, ENT_QUOTES );
	return apply_filters( 'attribute_capture', $safe_text, $text );
}

No?


comment:4 @dd32 3 years ago

> If such a function exists - esc_attr() - then logically there should also exist a reverted function like capture_attr() or cap_attr() for such a task.

esc_attr() is designed for escaping data to be used in HTML attributes. There are very rare cases where you should need to convert the data back. If you're saving something using esc_attr() and then later need to convert it back, you're probably doing it wrong, or using the wrong form of sanitization.

> This function does not work for the single quote.

When used in its compatibility mode (default) it doesn't; however, like most PHP functions, it has a range of configuration parameters.

echo html_entity_decode( '&lt; &gt; &amp; &quot; &#039;', ENT_QUOTES ); // outputs < > & " '
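
The point made in comment 4, as an added example that is not part of the ticket or of WordPress core: store the raw value and escape only when writing the attribute, and pass the quote flag explicitly when decoding. `attr_escape()` is a hypothetical stand-in for `esc_attr()` so the script runs without WordPress, and the sample input is constructed.

```php
<?php
// Stand-in for esc_attr() so this runs without WordPress (assumption: the real
// function also validates UTF-8 and applies the 'attribute_escape' filter).
function attr_escape(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: what a user typed into a form field.
$raw = 'Tom\'s 5" & 7" <tablets>';

// 1. Escape late: store $raw unchanged, escape only when building the attribute.
$stored = $raw;
$good   = '<input value="' . attr_escape($stored) . '">';

// 2. Anti-pattern: escape before storing, then escape again on output.
//    The user ends up seeing literal entities such as &quot; in the field.
$stored_escaped = attr_escape($raw);
$double         = '<input value="' . attr_escape($stored_escaped) . '">';

// 3. Anti-pattern: "revert" the stored value and print it without re-escaping.
//    The first double quote in the data closes the value attribute early.
$decoded = html_entity_decode($stored_escaped, ENT_QUOTES, 'UTF-8');
$broken  = '<input value="' . $decoded . '">';

// Pass the flags explicitly: the default was ENT_COMPAT before PHP 8.1 (single
// quotes left encoded) and is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 since.
$compat = html_entity_decode('&#039;', ENT_COMPAT, 'UTF-8');
$quotes = html_entity_decode('&#039;', ENT_QUOTES, 'UTF-8');

echo "escape late : $good\n";
echo "double      : $double\n";
echo "decoded raw : $broken\n";
echo "ENT_COMPAT  : $compat\n";
echo "ENT_QUOTES  : $quotes\n";

// The round trip only holds when both sides use the same quote flags.
assert(html_entity_decode(attr_escape($raw), ENT_QUOTES, 'UTF-8') === $raw);
assert($decoded === $raw && $compat === '&#039;' && $quotes === "'");
```

Case 3 is why a decode helper invites mistakes: a decoded value is raw data again and has to be escaped for whatever context it is written into next.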