As you can see in the example extra quote marks are added in my html atributes on import. For our export we are using htmlspecialchars() so the xml is builded correctly and the issue appears after import with the plugin. So is there an option to add in the import hook htmlentities so all characters can be supported in the html?

plugins/ajax-load-more-anything/inc/ald-scripts.php
Error: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found ‘htmlentities’ (WordPress.Security.EscapeOutput.OutputNotEscaped).

plugins/ajax-load-more-anything/inc/ald-scripts.php
Error: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found ‘ob_get_clean’ (WordPress.Security.EscapeOutput.OutputNotEscaped).

Is there a way I can edit this so the output is escaped?

Thank you for your support and for the plugin!

However, after applying this plugin, they now show as entities, not as intended. If I change it back to < and >, it will mean, that the moment I turn this plugin off, all my pages containing code with < and > will break.

Please help, what can I do about that?

https://www.ads-software.com/plugins/wp-code-highlight/

However, after applying this plugin, they now show as entities, not as intended. If I change it back to < and >, it will mean, that the moment I turn this plugin off, all my pages containing code with < and > will break.

Please help, what can I do about that?

https://www.ads-software.com/plugins/syntaxhighlighter/

How do you actually do that? When I inspect with firebug there is not an html entity or character code – but still the actual < or > which are not permitted characters in the display text.

I am concerned that it may lead to problems later.

https://www.ads-software.com/plugins/crayon-syntax-highlighter/

Thanks for your plugin. It helps a lot and I just found that there is a little problem:

in the line with this code to display the Custom Message,
because
htmlentities(substr($v['message'],0,32))
will break Chinese word/unstable, so a universal method is better with
htmlspecialchars(mb_substr($v['message'],0,32))

also because substr() does not support multi-byte character, so
mb_string() is preferred. I think it is good for plugin will probably be used in worldwide.

Hope this can help to improve it.

https://www.ads-software.com/plugins/bainternet-posts-creation-limits/

I have one small issue with it: when I’m adding some html entities for < and > to page content, plugin removes all entities after page reload

I think it is here tinymce-advanced.php:211:
$c = str_replace( array(‘&’, ‘<‘, ‘>’), array(‘&’, ‘<‘, ‘>’), $c );
How this can be fixed?

https://www.ads-software.com/extend/plugins/tinymce-advanced/

You will need to do the encode on the server-side… In PHP, you can use the htmlentities() function to encode or escape non-alphanumeric characters, i.e.
$clean_email = htmlentiities($_POST[’email’);

I am trying to secure a contact form with the typical Name, Email, Message.

Can anyone help me with this? What code and where do I need to add it? (Fucntions.php?) thanks!

-Simone

I’m using the SyntaxHighlighter Evolved plugin and every time I enter some code using the following process, all of the <, >, etc. are converted to <, &rt;, etc.

1. Type/paste code.
2. Type shortcode ()
3. Save and Preview – all entities are converted!

Please let me know if you know a fix. Thanks!! I don’t mind bypassing WP’s post protection (disallowing HTML in posts, etc.) as long as the thing works.

I’m using plugin ver. 0.9.6 with WP 3.4.1. I hope you’ll fix this small bug on the next release as well as paid version as I’m interested to addon features once I’m sure the bug is fixed.

https://www.ads-software.com/extend/plugins/pwaplusphp/