if we want to <a onclick="process(<?php echo json_encode($stringValue); ?>)"> we should do echo htmlspecialchars(json_encode($stringValue)) instead actually, and yes JSON_HEX_TAG will help avoiding htmlspecialchars() just like urlencode()ed data which never contains < > or so. i'm not sure if there is problem if you put json_encode()ed data in <script> block without doing htmlspecialchars()
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
