lahekn4kuk
New Member
I just recently encountered a problem that I wasn't really expecting. Up to this point I use htmlentites() to protect against XSS attacks. I don't make it an option for users to enter html so it works perfectly, except for when foreign users want to use the system, and htmlentites() displays their letters as gibberish. I've used HTML purifier classes that are used along with WYSIWYG editors to protect against XSS, but it's a full class and it does make effect performance, and I don't really have to worry about allowing some html while blocking others because html isn't the problem, its just the special characters. If I have to I'll use one, but I was wondering if there was a built in php function for escaping html characters, but displaying foreign languages. I'd imagine their has to be, because PHP isn't only used by English speaking people.Thanks!