util_expand_entities_ie_style (public)

 util_expand_entities_ie_style html

Defined in packages/acs-tcl/tcl/text-html-procs.tcl

Replaces all occurrences of o and &x0f; type HTML character entities to their ASCII equivalents. It also handles lt, gt, quot, ob, cb and amp.

This proc does the expansion in the style of IE and Netscape, which is to say that it doesn't require the trailing semicolon on the entity to replace it with something else. The reason we do that is that this proc was designed for checking HTML for security-issues, and since entities can be used for hiding malicious code, we'd better simulate the liberal interpretation that browsers does, even though it complicates matters.

Unlike its sister proc, util_expand_entities, it also expands numeric entities (#999 or #xff style).

Parameters:
html
Author:
Lars Pind <lars@pinds.com>
Created:
October 17, 2000

Partial Call Graph (max 5 caller/called nodes):
%3 ad_parse_html_attributes_upvar ad_parse_html_attributes_upvar (private) util_expand_entities_ie_style util_expand_entities_ie_style ad_parse_html_attributes_upvar->util_expand_entities_ie_style

Testcases:
No testcase defined.
[ show source ]
Show another procedure: