I'm now doing it this way:

<a title="<?php echo $title; ?>">...

But it will break when " is included in $title.

+3  A: 

You should run that through htmlspecialchars first to make sure your HTML won't break.

Josh Leitzel
+6  A: 

Not that it's "the final solution", but obviously you need to escape any literal string that isn't meant to contain HTML. In this case:

<a title="<?php echo htmlspecialchars($title); ?>">
Lukáš Lalinský
Actually you can have HTML in the title attribute. Just make sure you replace all quotes with &quot;... I've used this jQuery tooltip (http://cssglobe.com/post/1695/easiest-tooltip-and-image-preview-using-jquery) and I have included all types of HTML markup.
fudgey
Yes, well, you can in HTML and you can't in XHTML. Even in HTML, you need to escape the ampersand so that it's not evaluated as an entity. In general it's a better idea to escape everything, even if you are using HTML. It shouldn't affect the tooltip plugin, because it's looking at the parsed value, not the raw HTML file.
Lukáš Lalinský
+2  A: 

You should translate special characters into HTML entities first, easily done with htmlentities().

<a title="<?php echo htmlentities($title); ?>">
Mikael Auno
Don't use htmlentities() if you don't have to. Use htmlspecialchars() instead. htmlentities() will encode some chars even if we don't need to, thus wasting space.
e-t172
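
The escaping discussed in the answers and comments above, as an added example that is not from any of the posts: it escapes a title for the attribute, parses the markup back to confirm the parsed value equals the original string, and compares the output size of htmlspecialchars() and htmlentities(). The helpers attr() and parsedTitle() and the sample titles are hypothetical, and the source file is assumed to be saved as UTF-8.

```php
<?php
// Added example. attr() and parsedTitle() are hypothetical helpers and
// $titles holds constructed sample values, none from the original posts.

function attr(string $value): string
{
    // ENT_QUOTES also encodes ', so the result fits single-quoted attributes too.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function parsedTitle(string $anchorHtml): string
{
    // Parse the markup with PHP's DOM extension and read the attribute back.
    libxml_use_internal_errors(true); // malformed markup only logs warnings
    $dom = new DOMDocument();
    $dom->loadHTML('<?xml encoding="UTF-8">' . $anchorHtml); // treat input as UTF-8
    libxml_clear_errors();
    $a = $dom->getElementsByTagName('a')->item(0);
    return $a === null ? '' : $a->getAttribute('title');
}

$titles = ['Say "hello" & wave', "It's 5 > 3", 'Café menu'];

foreach ($titles as $title) {
    $raw      = '<a title="' . $title . '">link</a>';
    $escaped  = '<a title="' . attr($title) . '">link</a>';
    $entities = htmlentities($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    printf(
        "%s\n  raw title survives parsing:     %s\n  escaped title survives parsing: %s\n"
        . "  htmlspecialchars: %d bytes, htmlentities: %d bytes\n",
        $escaped,
        parsedTitle($raw) === $title ? 'yes' : 'no',
        parsedTitle($escaped) === $title ? 'yes' : 'no',
        strlen(attr($title)),
        strlen($entities)
    );
}
```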