Jan 31, 2012 at 8:50 PM
Edited Jan 31, 2012 at 9:08 PM
I too would like to be able to disable Html encoding for the entire thing. I have to run the string through two different versions of the parser (one before data reaches database and again when the data is pulled out) and this encoding is tripping me up.
I think the choice should be up to us, even if the author thinks it is less secure.
In my scenario I have some special tags that need some pre-rendering before the content is saved to the database. The pre-rendering simplifies these special tags and turns them into basic tags. Then I store the content with basic tags in the DB. When I pull
the content out I want to run through a different parser to turn all tags to HTML before rendering to client. I can't store HTML in the database, only BBCode because it may not necessarily be written out to a web browser so the parsing needs to be different
based on how it is being viewed.
The problem is that this HTML encoding happens on the first parser (before the DB) so even content that's not going to be sent to a browser is HTML encoded. Also, when the data is pulled out the content is re-encoded by the second parser. So instead of encoding
< to < it ends up being &lt;. I really need the ability to disable encoding in the first parser (before the DB).
Great library, but this inability to turn this off is super super annoying.
Silly that I have to re-compile the source just to remove calls to htmlencode.