I just recently encountered a problem that I wasn't really expecting. Up to this point I use htmlentites() to protect against XSS attacks. I don't make it an option for users to enter html so it works perfectly, except for when foreign users want to use the system, and htmlentites() displays their letters as gibberish.
I've used HTML purifier classes that are used along with WYSIWYG editors to protect against XSS, but it's a full class and it does make effect performance, and I don't really have to worry about allowing some html while blocking others because html isn't the problem, it
s just the special characters. If I have to I'll use one, but I was wondering if there was a built in php function for escaping html characters, but displaying foreign languages. I'd imagine their has to be, because PHP isn't only used by English speaking people.
Thanks! Try it with htmlspecialchars instead. That should suffice for the HTML special characters.
以上就是Displaying user input as foreign languages的详细内容，更多请关注web前端其它相关文章！