I want to display user comments on my site and I am escaping the output using html_escape (htmlspecialchars in CodeIgniter). But I also want to activate URLs in the comments using CodeIgniter's auto_link function.
How can I apply both functions to the same variable/content?
<?php echo html_escape($review); ?>
<?php echo auto_link($review); ?>
I have to use html_escape, because I don't trust the user content; but I would like to show URLs entered, if possible. Note: there is no conflict between the characters in html_escape and in auto_link.
auto_link(html_escape($review))
However, if you don't trust your users, don't parse their links. Assuming your users provide insightful comments like
Free cheap drugs at http://example.com/
auto_link(html_escape($review))
will still parse the link.
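The composition above, written out in plain PHP as an added example (not code from the original posts and not CodeIgniter's implementation of auto_link): escape first, then link only http and https URLs, and mark each link rel="nofollow ugc" so that spam links like the one above gain no search ranking. The helper name render_comment and the sample comments are assumptions made for the illustration.

```php
<?php
// Added example, not CodeIgniter's auto_link(). render_comment() is a hypothetical helper.

function render_comment(string $raw): string
{
    // 1. Escape first: after this step the text contains no live markup.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Link only http(s) URLs. The match stops at whitespace and at an
    //    escaped <, >, " or ', so those never end up inside the href.
    $pattern = '~\bhttps?://(?:(?!&(?:lt|gt|quot|#039);)\S)+~i';

    return preg_replace_callback($pattern, function (array $m): string {
        // Keep trailing sentence punctuation out of the link.
        $url  = rtrim($m[0], '.,!?)');
        $tail = substr($m[0], strlen($url));
        // $url is already HTML-escaped, so it is safe both in the
        // attribute value and as the visible link text.
        return '<a href="' . $url . '" rel="nofollow ugc noopener">'
             . $url . '</a>' . $tail;
    }, $safe);
}

// Constructed sample comments.
$samples = [
    'Free cheap drugs at http://example.com/',
    '<script>alert(1)</script> see https://example.com/?a=1&b=2.',
    'javascript:alert(1) and "http://example.com/" onmouseover="x',
];

foreach ($samples as $s) {
    echo render_comment($s), "\n";
}
```

Reversing the order (escaping after linking) would turn the generated anchor tags into visible text, which is why the escape has to run first.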