Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requirement to use htmlspecialchars() everywhere #910

Open
igorsantos07 opened this issue Oct 11, 2016 · 3 comments
Open

Requirement to use htmlspecialchars() everywhere #910

igorsantos07 opened this issue Oct 11, 2016 · 3 comments

Comments

@igorsantos07
Copy link

igorsantos07 commented Oct 11, 2016
edited by Progi1984
Loading

Shouldn't content escaping be automatic, so we don't have to exactly remember DOCX is a XML file and manually escape our content before placing into the file? It's quite annoying having to run everything on htmlspecialchars() to avoid weird errors when opening the file. This is worse when you have user input :/

On a side note, this is not needed on the sister project PHPExcel, even on XLSX, so I think this should be the default behavior here as well?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@str
Copy link

str commented May 24, 2017

+1

@JakeQZ
Copy link

JakeQZ commented Nov 23, 2018

Since PHPWord 0.13.0 (I believe) you can use

\PhpOffice\PhpWord\Settings::setOutputEscapingEnabled(true);

which should do the trick. I don't know about PHPExcel.

@CHOUKI-Mouhssine
Copy link

@JakeQZ : thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@str @igorsantos07 @CHOUKI-Mouhssine @JakeQZ