Flourish PHP Unframework
This is an archived copy of the forum for reference purposes

Difference between fHTML::encode() and fHTML::prepare()

posted by xdreamcoding 8 years ago

Anyone?

fHTML::encode() always escapes &, ", ', < and > as HTML entities. fHTML::prepare() takes semi-valid HTML and cleans up HTML tags and escapes the HTML special characters when they are not part of an HTML tag or entity.

fHTML::encode() should be used by default. fHTML::prepare() does not protect against cross-site scripting attacks and should only be used to "fix up" trusted content that contains HTML.

posted by wbond 8 years ago

Sorry, but as a non-native English speaker and hobby coder I couldn't get much of a solution out of the documentation, and you kinda just repeated the documentation...

Sooo I played around a bit with those two functions and in the end it's quite simple :D

fHTML::encode('<p>la*;l"a%</p>')

will return

#!text/html
&lt;p&gt;la*;l&quot;a%&lt;/p&gt;

and on your website it will look like this:

#!text/html
<p>la*;l"a%</p>

fHTML::prepare('<p>la*;l"a%</p>')

however will return

#!text/html
<p>la*;l&quot;a%</p>

you will see:

#!text/html
la*;l"a%

posted by xdreamcoding 8 years ago
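
The security difference described in the thread, as an added example that is not from either poster or from Flourish itself: `encode_like()` and `prepare_like()` are hypothetical stand-ins built on PHP's `htmlspecialchars()` that only mimic the behaviour stated above, and the second sample string is constructed.

```php
<?php
// Stand-ins for the two behaviours described in the thread.
// Assumption: these are NOT Flourish's implementations, only approximations.

// Like fHTML::encode(): every &, ", ', < and > becomes an entity.
function encode_like(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Like fHTML::prepare(): tags and existing entities pass through untouched;
// only the text between them is escaped.
function prepare_like(string $s): string
{
    $parts = preg_split('~(</?[a-zA-Z][^>]*>|&(?:#\d+|\w+);)~', $s, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        // Odd indexes hold the captured tags/entities, even indexes hold plain text.
        $out .= ($i % 2) ? $part : htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

$samples = [
    'trusted markup (from the thread)' => '<p>la*;l"a%</p>',
    'untrusted comment (constructed)'  => '<script>alert(1)</script> Tom & "Jerry"',
];

foreach ($samples as $label => $input) {
    printf("%s\n  encode:  %s\n  prepare: %s\n\n", $label, encode_like($input), prepare_like($input));
}

// Self-check: markup in user input survives prepare-style handling as live
// tags, but is rendered inert by encode-style handling.
$untrusted = $samples['untrusted comment (constructed)'];
if (strpos(encode_like($untrusted), '<script') !== false
    || strpos(prepare_like($untrusted), '<script>') === false) {
    throw new RuntimeException('stand-ins do not behave as described');
}
echo "encode-style output is inert; prepare-style output still contains the tag\n";
```

For anything a user typed, the encode-style path is the one to use at the output point; the prepare-style path fits only content whose HTML is already trusted.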