Same name and namespace in other branches
- 4.6.x includes/common.inc \decode_entities()
- 4.7.x includes/unicode.inc \decode_entities()
- 5.x includes/unicode.inc \decode_entities()
- 7.x includes/unicode.inc \decode_entities()
Decodes all HTML entities (including numerical ones) to regular UTF-8 bytes.
Double-escaped entities will only be decoded once ("&lt;" becomes "<", not "<"). Be careful when using this function, as decode_entities can revert previous sanitization efforts (<script> will become <script>).
Parameters
$text: The text to decode entities in.
$exclude: An array of characters which should not be decoded. For example, array('<', '&', '"'). This affects both named and numerical entities.
Return value
The input $text, with all HTML entities decoded once.
8 calls to decode_entities()
- db_connect in includes/
database.pgsql.inc - Initialize a database connection.
- filter_xss_bad_protocol in includes/
bootstrap.inc - Processes an HTML attribute value and ensures it does not contain an URL with a disallowed protocol (e.g. javascript:)
- format_rss_channel in includes/
common.inc - Formats an RSS channel.
- locale_string_is_safe in includes/
locale.inc - Check that a string is safe to be added or imported as a translation.
- search_simplify in modules/
search/ search.module - Simplifies a string according to indexing rules.
File
- includes/
unicode.inc, line 336
Code
function decode_entities($text, $exclude = array()) {
static $html_entities;
if (!isset($html_entities)) {
include_once './includes/unicode.entities.inc';
}
// Flip the exclude list so that we can do quick lookups later.
$exclude = array_flip($exclude);
// Use a regexp to select all entities in one pass, to avoid decoding
// double-escaped entities twice. The PREG_REPLACE_EVAL modifier 'e' is
// being used to allow for a callback (see
// http://php.net/manual/en/reference.pcre.pattern.modifiers).
return preg_replace('/&(#x?)?([A-Za-z0-9]+);/e', '_decode_entities("$1", "$2", "$0", $html_entities, $exclude)', $text);
}