How to htmlencode this string to help prevent JavaScript injections?

2 posts by 2 authors in: Forums > CMS Builder
Last Post: July 18, 2022

By daniel - July 18, 2022

Hi Codee,

In general, the simplest way to do this is to add the htmlencode() at each place a variable is being output on the page, e.g. places with "echo". Like this:

Results page '<?php echo htmlencode($blogMetaData['page']); ?>' not found, <a href="<?php echo htmlencode($blogMetaData['firstPageLink']); ?>">start over &gt;&gt;</a>.<br><br>

Note that by default htmlencode() will re-encode strings even if they're already encoded, which may cause issues in some cases. Double-encoding can be turned off with the 3rd function parameter, like this:

<?php echo htmlencode($string, null, false); ?>

(The 2nd parameter has to do with encoding "<br>"; passing null will leave the default behavior.)

Let me know if that helps, or if you have any specific issues/questions I can address!

Thanks,

Daniel
Technical Lead
interactivetools.com
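
Added example (not part of the post above and not interactivetools.com code): the same output line with encoding applied, plus the double-encoding switch. It assumes PHP's built-in htmlspecialchars() as a stand-in for CMS Builder's htmlencode(), whose implementation is not shown on this page; encode_html() and safe_href() are hypothetical helper names, and the input values are constructed.

```php
<?php
// Stand-in for htmlencode(): PHP's built-in htmlspecialchars(), whose 4th
// argument plays the role of the "double encode" switch described above.
function encode_html(string $s, bool $doubleEncode = true): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Hypothetical helper: HTML-encoding does not change a URL's scheme, so a value
// destined for href is first checked against an allowlist, then encoded.
function safe_href(string $url, string $fallback = '/'): string {
    $url = trim($url);
    $hasControlChars = preg_match('/[\x00-\x1f\x7f]/', $url) === 1;
    $isRelative = preg_match('#^/(?![/\\\\])#', $url) === 1; // "/path" only, not "//host" or "/\host"
    $isHttp     = preg_match('#^https?://#i', $url) === 1;
    $allowed    = !$hasControlChars && ($isRelative || $isHttp);
    return encode_html($allowed ? $url : $fallback);
}

// Constructed sample input, as if both values came from the request.
$blogMetaData = [
    'page'          => '"><script>alert(1)</script>',
    'firstPageLink' => 'javascript:alert(1)',
];

// Text context: the markup characters are emitted as entities, so the browser
// displays the value as text instead of parsing it as a tag.
echo "Results page '" . encode_html($blogMetaData['page']) . "' not found, ";

// Attribute context: the disallowed scheme is replaced by the fallback link.
echo '<a href="' . safe_href($blogMetaData['firstPageLink']) . '">start over &gt;&gt;</a>' . "\n";

// Double-encoding: $stored already contains an entity.
$stored = 'Tom &amp; Jerry <b>';
echo encode_html($stored) . "\n";        // default: the existing &amp; is encoded a second time
echo encode_html($stored, false) . "\n"; // existing entities left alone, raw < and > still encoded
```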