0

I'm now doing it this way:

<a title="<?php echo $title; ?>">...

But it will break when " is included in $title.

3 Answers

6

Not that it's "the final solution", but obviously you need to escape any literal string that isn't meant to contain HTML. In this case:

<a title="<?php echo htmlspecialchars($title); ?>">

2 Comments

Actually you can have HTML in the title attribute. Just make sure you replace all quotes with &quot;... I've used this jQuery tooltip (cssglobe.com/post/1695/…) and I have included all types of HTML markup.
Yes, well, you can in HTML and you can't in XHTML. Even in HTML, you need to escape the ampersand so that it's not evaluated as an entity. In general it's a better idea to escape everything, even if you are using HTML. It shouldn't affect the tooltip plugin, because it's looking at the parsed value, not the raw HTML file.
3

You should run that through htmlspecialchars first to make sure your HTML won't break.

Comments

2

You should translate special characters into HTML entities first, easily done with htmlentities().

<a title="<?php echo htmlentities($title); ?>">

1 Comment

Don't use htmlentities() if you don't have to. Use htmlspecialchars() instead. htmlentities() will encode some chars even if we don't need to, thus wasting space.
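
An added example, not code from any of the answers above: it builds the link from a constructed `$title` three ways (unescaped, `htmlspecialchars()`, `htmlentities()`) and reads the attribute back through `DOMDocument` to show the parsed value a script or tooltip plugin would see. The helper names `attr()` and `parsedTitle()` and the sample string are assumptions; it needs PHP's dom extension.

```php
<?php
// Constructed sample value: contains &, ", ', markup and a non-ASCII character.
$title = 'Tom & "Jerry" say <b>it\'s</b> café';

// Hypothetical helper: escape a string for use inside a quoted HTML attribute.
function attr(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the result is safe whichever quote
    // delimits the attribute. ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical helper: parse the markup and return the title as the parser sees it.
function parsedTitle(string $html): string
{
    libxml_use_internal_errors(true);                 // collect parse errors quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html); // make libxml read the input as UTF-8
    libxml_clear_errors();
    $a = $doc->getElementsByTagName('a')->item(0);
    return $a === null ? '' : $a->getAttribute('title');
}

$flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
$variants = [
    'unescaped'        => $title,
    'htmlspecialchars' => attr($title),
    'htmlentities'     => htmlentities($title, $flags, 'UTF-8'),
];

foreach ($variants as $name => $value) {
    $html   = '<a title="' . $value . '">link</a>';
    $parsed = parsedTitle($html);
    printf(
        "%-17s %3d bytes  round-trips: %-3s\n  markup: %s\n  parsed: %s\n",
        $name,
        strlen($html),
        $parsed === $title ? 'yes' : 'no',
        $html,
        $parsed
    );
}
```

In the unescaped variant the first `"` inside `$title` closes the attribute, so the parsed title is cut short and the remainder is interpreted as markup; both escaped variants return the original string, with `htmlentities()` producing the longer output.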
