Diffstat (limited to 'includes/common.inc')
-rw-r--r--includes/common.inc21
1 files changed, 18 insertions, 3 deletions
diff --git a/includes/common.inc b/includes/common.inc
index f95597f87..6cdd22bde 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -4804,14 +4804,29 @@ function drupal_clear_js_cache() {
/**
* Converts a PHP variable into its JavaScript equivalent.
*
- * We use HTML-safe strings, i.e. with <, > and & escaped.
+ * We use HTML-safe strings, with several characters escaped.
*
* @see drupal_json_decode()
+ * @see drupal_json_encode_helper()
* @ingroup php_wrappers
*/
function drupal_json_encode($var) {
- // json_encode() does not escape <, > and &, so we do it with str_replace().
- return str_replace(array('<', '>', '&'), array('\u003c', '\u003e', '\u0026'), json_encode($var));
+ // The PHP version cannot change within a request.
+ static $php530;
+
+ if (!isset($php530)) {
+ $php530 = version_compare(PHP_VERSION, '5.3.0', '>=');
+ }
+
+ if ($php530) {
+ // Encode <, >, ', &, and " using the json_encode() options parameter.
+ return json_encode($var, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
+ }
+
+ // json_encode() escapes <, >, ', &, and " using its options parameter, but
+ // does not support this parameter prior to PHP 5.3.0. Use a helper instead.
+ include_once DRUPAL_ROOT . '/includes/json-encode.inc';
+ return drupal_json_encode_helper($var);
}
/**
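Review bot: The rewritten docblock line for drupal_json_encode() ("with several characters escaped") no longer names the characters callers can rely on, and that is the contract that matters when the result is embedded in HTML or an attribute value; I would spell it out, e.g. `* We use HTML-safe strings, with <, >, ', & and " escaped as \uXXXX sequences.`. The pre-5.3.0 branch delegates to drupal_json_encode_helper() in includes/json-encode.inc, which is not part of this hunk, so whether it escapes the same five characters cannot be confirmed here; a test asserting identical output from both branches would pin that down. Separately, the removed str_replace() emitted lowercase `\u003c` while JSON_HEX_TAG emits `\u003C`, so any caller or test that compares the encoded string literally would need updating.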