
Best practice for escaping the ampersand '&' in fields


landitus

I've recently noticed that some of my pages failed the html5 validator because ampersands (&) were just printed as-is. I tried to set the field to "encode htmlentities", but the ampersand now prints as "&amp;".

What am I doing wrong? What is the preferred way to deal with this? I've been having the same issue with title fields, text fields and WYSIWYG fields.


TinyMCE escapes ampersands automatically, so there's no reason to worry there. They're always stored in their escaped format, "&amp;". Plain textareas store ampersands as-is ("&"), but the "HTML Entity Encoder" textformatter automatically escapes them at runtime, when you're echoing field content.

Ampersands printing as "&amp;" to the browser sounds like you're doing escaping twice; any chance that you're escaping content again when printing it, in your template files? Is this consistent, i.e. are all ampersands printing out as "&amp;" -- or just some of them?

If you're certain that you're not escaping content twice, you might have some broken data in your database. I'd check how those ampersands that print out as "&amp;" are actually stored in the data field of the corresponding field_[your-field] table.

  • Like 1
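The double-escaping effect described in the reply above, as an added example that is not part of the original thread. It uses plain PHP rather than any ProcessWire API; the sample values are constructed, and `esc()` and `isDoubleEncoded()` are hypothetical helper names.

```php
<?php
// Constructed sample values: three ways "Tom & Jerry" can end up stored.
$stored = [
    'plain_textarea' => 'Tom & Jerry',            // raw, as typed
    'tinymce_body'   => '<p>Tom &amp; Jerry</p>', // already escaped by the editor
    'broken_row'     => 'Tom &amp;amp; Jerry',    // escaped twice before saving
];

// Escape once for HTML output, as an entity-encoding formatter does at output time.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// True if an entity is still present after ONE decode pass, meaning the
// value was escaped more than once. Text that intentionally shows a
// literal "&amp;" to readers will also be flagged, so review the hits.
function isDoubleEncoded(string $s): bool
{
    $once = html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_match('/&(?:[a-z][a-z0-9]*|#\d+|#x[0-9a-f]+);/i', $once) === 1;
}

foreach ($stored as $field => $value) {
    printf("%-15s stored        : %s\n", $field, $value);
    // Correct for raw text. For the TinyMCE value this also escapes the
    // <p> tags and turns &amp; into &amp;amp;, so rich text is not re-escaped.
    printf("%-15s escaped once  : %s\n", '', esc($value));
    // What a template does when it escapes output the formatter already escaped.
    printf("%-15s escaped twice : %s\n", '', esc(esc($value)));
    printf("%-15s double-encoded in storage: %s\n\n", '',
        isDoubleEncoded($value) ? 'yes' : 'no');
}
```

Only raw text escaped exactly once reaches the browser as a single "&amp;" in the markup, which renders as "&" and passes the validator.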

The one ampersand printing as "&amp" corresponds to the fields that have the encode htmlentities option selected. I guess that's how it's supposed to work. I am also using translations BTW. I was hoping that having the encode htmlentities option selected, the printed "&amp;" would show as a "&" in the browser. It looks like because php renders the "&", it's shown as "&amp;".

Am I making any sense?


Chances are the text you've got is already entity encoded (like from TinyMCE), and the HTML5 validator is complaining about an ampersand somewhere outside of that. Can you 1) remove the entity encoding textformatter for that field; and 2) post the URL (or PM to Teppo and me if you prefer) so that we can see the full context?
