I'm building a dynamic form in Kohana and notice that it is doing the following:

 echo "'";

results in

&#039;

in the output instead of a literal ' character.

I suspect it's xss_clean getting in the way, which is normally a good thing, but if I want to avoid it I have to code differently when I need a literal ' output to the page.

e.g.

echo form::input($id . "['did']", $did);

results in output looking like:

<input type="text" name="1[&#039;did&#039;]" value="12345" />

Yuck!

Suggestions, anyone?

+1  A: 

If you look at the HTML class code you'll notice that all attributes are generated with HTML::attributes(), which makes all vars go through htmlspecialchars().

(This should have been HTML::chars(), one more thing to report at Kohana dev, lol.)

This is done in order to make elements generated with the Kohana HTML class valid. If you really want to make it invalid, write it as it's outputted without using the HTML class.

Kemo
Looks like this is the only option. Makes the HTML classes fairly useless when you have only slightly complex needs.
Matt H
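
What the escaping described in the answer does to an attribute value, as an added PHP example (not Kohana's code and not part of the original posts): the `&#039;` in the markup is decoded again when the HTML is parsed, so the field name is still `1['did']`, while an unescaped value containing a double quote ends the attribute early. `render_attributes()` and `parsed_attribute()` are hypothetical helpers and the sample values are constructed.

```php
<?php
// Added illustration. render_attributes() is a hypothetical stand-in for an
// attribute builder; it is not Kohana's HTML::attributes() implementation.
function render_attributes(array $attrs, bool $escape = true): string
{
    $out = '';
    foreach ($attrs as $key => $value) {
        if ($escape) {
            // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
            $value = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
        $out .= ' ' . $key . '="' . $value . '"';
    }
    return $out;
}

// Hypothetical helper: recover an attribute value roughly the way an HTML
// parser does, by taking the quoted text and decoding character references.
function parsed_attribute(string $tag, string $name): ?string
{
    if (!preg_match('/\s' . preg_quote($name, '/') . '="([^"]*)"/', $tag, $m)) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample values matching the question.
$id  = 1;
$did = '12345';

$tag = '<input' . render_attributes([
    'type'  => 'text',
    'name'  => $id . "['did']",
    'value' => $did,
]) . ' />';
echo $tag, "\n";

// The markup carries &#039;, but the parsed (and submitted) name is the literal string.
var_dump(parsed_attribute($tag, 'name') === "1['did']");

// Constructed value containing a double quote, rendered with and without escaping.
$value  = '12" data-injected="1';
$safe   = '<input' . render_attributes(['value' => $value]) . ' />';
$unsafe = '<input' . render_attributes(['value' => $value], false) . ' />';

var_dump(parsed_attribute($safe, 'value') === $value);       // escaped: stays one value
var_dump(strpos($unsafe, ' data-injected="') !== false);     // unescaped: new attribute appears
```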