php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68728 htmlentities() does not convert ' '/" to  /" with ENT_HTML5
Submitted: 2015-01-03 01:25 UTC Modified: 2021-09-15 09:26 UTC
From: yohgaki@php.net Assigned: cmb (profile)
Status: Not a bug Package: Strings related
PHP Version: Irrelevant OS: any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: yohgaki@php.net
New email:
PHP Version: OS:

 

 [2015-01-03 01:25 UTC] yohgaki@php.net 
Description:
------------
' ' space is &nbsp and it's in conversion tables.

localhost:Documents yohgaki$ php -r 'print_r(get_html_translation_table(ENT_HTML5));'
Array
(
    ["] => "
    [&] => &
    [<] => &lt;
    [>] => &gt;
    [ ] => &nbsp;
    [¡] => &iexcl;

but ' '/" is not converted to &nbsp;/&quot; with htmlentities() at least.
" is converted to &quot; with additional ENT_QUOTES flag. However, htmlentities() should convert all chars according to the conversion table.


Test script:
---------------
php -r 'echo htmlentities("\" <>?&/", ENT_HTML5);'


Expected result:
----------------
&quot;&nbsp;&lt;&gt;&quest;&amp;&sol;

Actual result:
--------------
" &lt;&gt;&quest;&amp;&sol;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-10 20:47 UTC] ppaisndud at gmail dot com 
This line causes this,

https://github.com/php/php-src/blob/master/ext/standard/html.c#L1316-L1318

probably can be moved to verified if it is a error.
 [2015-02-11 01:46 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2015-02-11 01:46 UTC] yohgaki@php.net 
I've proposed this change once. I may try it again.
 [2018-02-28 22:21 UTC] cmb@php.net
-Package: Unknown/Other Function +Package: Strings related
 [2021-09-15 09:26 UTC] cmb@php.net
-Status: Assigned +Status: Not a bug -Assigned To: yohgaki +Assigned To: cmb
 [2021-09-15 09:26 UTC] cmb@php.net 
> However, htmlentities() should convert all chars according to
> the conversion table.

No.  Quotes and apostophes are handled according to ENT_COMPAT,
ENT_QUOTES and ENT_NOQUOTES, and ENT_HTML5 does not imply
ENT_QUOTES nor ENT_COMPAT, so ENT_NOQUOTES is effective.

This default might not be the best choice, but the behavior is not
a bug, and changing it would require the RFC process because of
the BC break.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Oct 29 14:00:01 2025 UTC