Phpword: Requirement to use htmlspecialchars() everywhere

Created on 11 Oct 2016  路  3Comments  路  Source: PHPOffice/PHPWord

Shouldn't content escaping be automatic, so we don't have to exactly remember DOCX is a XML file and manually escape our content before placing into the file? It's quite annoying having to run everything on htmlspecialchars() to avoid weird errors when opening the file. This is worse when you have user input :/

On a side note, this is not needed on the sister project PHPExcel, even on XLSX, so I think this should be the default behavior here as well?


Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Most helpful comment

Since PHPWord 0.13.0 (I believe) you can use

\PhpOffice\PhpWord\Settings::setOutputEscapingEnabled(true);

which should do the trick. I don't know about PHPExcel.

All 3 comments

+1

Since PHPWord 0.13.0 (I believe) you can use

\PhpOffice\PhpWord\Settings::setOutputEscapingEnabled(true);

which should do the trick. I don't know about PHPExcel.

@JakeQZ : thank you

Was this page helpful?
0 / 5 - 0 ratings

Related issues

carlosvr90 picture carlosvr90  路  4Comments

ortegacmanuel picture ortegacmanuel  路  6Comments

dwalker109 picture dwalker109  路  6Comments

cyrillkalita picture cyrillkalita  路  6Comments

agang235 picture agang235  路  3Comments