Escaping text for HTML output
PHP's htmlspecialchars() converts characters with special meaning in HTML, including ampersand, less-than, and greater-than signs. Quote handling depends on flags such as ENT_QUOTES, ENT_COMPAT, okanye ENT_NOQUOTES.
What this browser equivalent supports
The page escapes &, <, kwaye >, and applies the selected quote style to single and double quotes. It runs in JavaScript and does not implement PHP's full flags bitmask, encoding parameter, invalid-code-unit behavior, document-type flags, or double_encode argument.
- HTML escaping is context-specific; an HTML-text result is not automatically safe for JavaScript, CSS, URLs, SQL, or shell commands.
- Escaping is not the same as removing unsafe markup or validating a URL.
- Input and output remain in the browser.
- Bona i PHP htmlspecialchars() manual for the complete function contract.