Problem with htmlspecialchars and JSON encode (tags: htmlspecialchars, JSON, encode)

2023-09-11 01:08:51 Author: 轻拂两袖风尘

I am trying to format some bad html to output into a pop window. The html is stored in a field in a mysql database.

I have been performing json_encode and htmlspecialchars on the row in the php like so:

$html = htmlentities(json_encode($row2['ARTICLE_DESC']));

and calling my makewindows function, which simply takes the html as a parameter and uses it with document.write like so:

  <p><a href='#' onclick=\"makewindows('".$html."'); return false;\">Click for full description </a></p>

This works ok, as in some html code is produced, such as the following:

http://www.nomorepasting.com/getpaste.php?pasteid=22823&seen=true&wrap=on&langoverride=html4strict

pasted there because I do not know how to wrap lines in SO

The problem is that htmlspecialchars does not seem to be stripping bad html data, as no popup window is created. The error I receive with firebug is

missing ) after argument list

However the html is outside of my control.

From what I have read, I am taking the correct steps. If I am missing something out, what is it?

My full make windows function:

function makewindows(html){
child1 = window.open ("about:blank");
child1.document.write(html);
child1.document.close(); 
}

Solution

You shouldn't have the single quotes in the function call. It should look like this:

<p><a href='#' onclick=\"makewindows(" . $html . "); return false;\">Click for full description </a></p>

Then the output will look like

<p><a href='#' onclick="makewindows(&quot;.....&quot;); return false;">Click for full description </a></p>

which is correct.
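
The two escaping layers discussed above, as an added example that is not part of the original question or answer: it builds the question's single-quoted call and the answer's unquoted call, then prints the JavaScript the browser sees once it has decoded the attribute. The sample description and the helper names `jsLiteral` and `attr` are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Constructed sample standing in for $row2['ARTICLE_DESC'].
$desc = "<p>Seller's note: \"as new\"</p>\n<b>unclosed";

// Layer 1 (JavaScript): json_encode() emits a complete, double-quoted JS
// string literal. The JSON_HEX_* flags additionally turn < > & ' " into
// \uXXXX escapes, so no markup-significant character survives in the literal.
function jsLiteral(string $s): string   // hypothetical helper name
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Layer 2 (HTML attribute): escape the finished literal for a quoted attribute.
function attr(string $js): string       // hypothetical helper name
{
    return htmlspecialchars($js, ENT_QUOTES, 'UTF-8');
}

// The question's form: the encoded literal wrapped in extra single quotes.
$broken = "makewindows('" . attr(json_encode($desc)) . "'); return false;";
// The answer's form (no extra quotes), using the hardened literal.
$fixed  = "makewindows(" . attr(jsLiteral($desc)) . "); return false;";

// The browser HTML-decodes the attribute value before the JS parser runs,
// so html_entity_decode() shows the script source that is actually parsed.
foreach (['broken' => $broken, 'fixed' => $fixed] as $name => $value) {
    echo "$name attribute : onclick=\"$value\"\n";
    echo "$name JS source : ",
        html_entity_decode($value, ENT_QUOTES, 'UTF-8'), "\n\n";
}
```

In the "broken" JS source the apostrophe in the data ends the single-quoted string early, whatever entity it was written as in the attribute; in the "fixed" form the argument is one intact string literal.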