-rw-r--r-- | includes/unicode.inc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/includes/unicode.inc b/includes/unicode.inc
index 2813a5739..d06b43000 100644
--- a/includes/unicode.inc
+++ b/includes/unicode.inc
@@ -411,14 +411,20 @@ function _mime_header_decode($matches) {
 }

 /**
- * Decode all HTML entities (including numerical ones) to regular UTF-8 bytes.
- * Double-escaped entities will only be decoded once ("&lt;" becomes "<", not "<").
+ * Decodes all HTML entities (including numerical ones) to regular UTF-8 bytes.
+ *
+ * Double-escaped entities will only be decoded once ("&lt;" becomes "<",
+ * not "<"). Be careful when using this function, as decode_entities can revert
+ * previous sanitization efforts (<script> will become <script>).
 *
 * @param $text
 * The text to decode entities in.
 * @param $exclude
 * An array of characters which should not be decoded. For example,
 * array('<', '&', '"'). This affects both named and numerical entities.
+ *
+ * @return
+ * The input $text, with all HTML entities decoded once.
 */
 function decode_entities($text, $exclude = array()) {
 static $html_entities;
|
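Review bot: The new warning in the decode_entities() docblock tells callers to "be careful" but not what to do, so it is easy to read past. I would state the required action directly, for example ` * Never print the return value as HTML without escaping it again (e.g. with check_plain()).`, and point to the existing `$exclude` parameter (`array('<', '&', '"')`) as the way to keep markup-significant characters encoded. The added `@return` text could likewise say that the result is plain UTF-8 text that is not safe for HTML output. The function body lies outside this hunk, so whether existing callers already re-escape the result cannot be checked from here.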