-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Requirement to use htmlspecialchars() everywhere #910
Comments
+1 |
Since PHPWord 0.13.0 (I believe) you can use
which should do the trick. I don't know about PHPExcel. |
@JakeQZ : thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Shouldn't content escaping be automatic, so we don't have to exactly remember DOCX is a XML file and manually escape our content before placing into the file? It's quite annoying having to run everything on
htmlspecialchars()
to avoid weird errors when opening the file. This is worse when you have user input :/On a side note, this is not needed on the sister project PHPExcel, even on XLSX, so I think this should be the default behavior here as well?
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: