function htmlspecialchars_decode (string, quote_style) { // http://kevin.vanzonneveld.net // + original by: Mirek Slugen // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + bugfixed by: Mateusz "loonquawl" Zalega // + input by: ReverseSyntax // + input by: Slawomir Kaniecki // + input by: Scott Cariss // + input by: Francois // + bugfixed by: Onno Marsman // + revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + bugfixed by: Brett Zamir (http://brett-zamir.me) // + input by: Ratheous // + input by: Mailfaker (http://www.weedem.fr/) // + reimplemented by: Brett Zamir (http://brett-zamir.me) // + bugfixed by: Brett Zamir (http://brett-zamir.me) // * example 1: htmlspecialchars_decode("

this -> "

", 'ENT_NOQUOTES'); // * returns 1: '

this -> "

' // * example 2: htmlspecialchars_decode("""); // * returns 2: '"' var optTemp = 0, i = 0, noquotes= false; if (typeof quote_style === 'undefined') { quote_style = 2; } string = string.toString().replace(/</g, '<').replace(/>/g, '>'); var OPTS = { 'ENT_NOQUOTES': 0, 'ENT_HTML_QUOTE_SINGLE' : 1, 'ENT_HTML_QUOTE_DOUBLE' : 2, 'ENT_COMPAT': 2, 'ENT_QUOTES': 3, 'ENT_IGNORE' : 4 }; if (quote_style === 0) { noquotes = true; } if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags quote_style = [].concat(quote_style); for (i=0; i < quote_style.length; i++) { // Resolve string input to bitwise e.g. 'PATHINFO_EXTENSION' becomes 4 if (OPTS[quote_style[i]] === 0) { noquotes = true; } else if (OPTS[quote_style[i]]) { optTemp = optTemp | OPTS[quote_style[i]]; } } quote_style = optTemp; } if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) { string = string.replace(/�*39;/g, "'"); // PHP doesn't currently escape if more than one 0, but it should // string = string.replace(/'|�*27;/g, "'"); // This would also be useful here, but not a part of PHP } if (!noquotes) { string = string.replace(/"/g, '"'); } // Put this in last place to avoid escape being double-decoded string = string.replace(/&/g, '&'); return string; } function htmlspecialchars (string, quote_style, charset, double_encode) { // http://kevin.vanzonneveld.net // + original by: Mirek Slugen // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + bugfixed by: Nathan // + bugfixed by: Arno // + revised by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + bugfixed by: Brett Zamir (http://brett-zamir.me) // + input by: Ratheous // + input by: Mailfaker (http://www.weedem.fr/) // + reimplemented by: Brett Zamir (http://brett-zamir.me) // + input by: felix // + bugfixed by: Brett Zamir (http://brett-zamir.me) // % note 1: charset argument not supported // * example 1: htmlspecialchars("Test", 'ENT_QUOTES'); // * returns 1: '<a href='test'>Test</a>' // * example 2: htmlspecialchars("ab\"c'd", ['ENT_NOQUOTES', 'ENT_QUOTES']); // * returns 2: 'ab"c'd' // * example 3: htmlspecialchars("my "&entity;" is still here", null, null, false); // * returns 3: 'my "&entity;" is still here' var optTemp = 0, i = 0, noquotes= false; if (typeof quote_style === 'undefined' || quote_style === null) { quote_style = 2; } string = string.toString(); if (double_encode !== false) { // Put this first to avoid double-encoding string = string.replace(/&/g, '&'); } string = string.replace(//g, '>'); var OPTS = { 'ENT_NOQUOTES': 0, 'ENT_HTML_QUOTE_SINGLE' : 1, 'ENT_HTML_QUOTE_DOUBLE' : 2, 'ENT_COMPAT': 2, 'ENT_QUOTES': 3, 'ENT_IGNORE' : 4 }; if (quote_style === 0) { noquotes = true; } if (typeof quote_style !== 'number') { // Allow for a single string or an array of string flags quote_style = [].concat(quote_style); for (i=0; i < quote_style.length; i++) { // Resolve string input to bitwise e.g. 'PATHINFO_EXTENSION' becomes 4 if (OPTS[quote_style[i]] === 0) { noquotes = true; } else if (OPTS[quote_style[i]]) { optTemp = optTemp | OPTS[quote_style[i]]; } } quote_style = optTemp; } if (quote_style & OPTS.ENT_HTML_QUOTE_SINGLE) { string = string.replace(/'/g, '''); } if (!noquotes) { string = string.replace(/"/g, '"'); } return string; }