The logic of PHP’s
htmlspecialchars() is such that, according to its manual, “Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings.”
And so, something like this
<?php $str = "This is some <b>bold</b> text."; echo htmlspecialchars($str); ?>
shows on the browser as
This is some <b>bold</b> text.
but in the View Source output as
<!DOCTYPE html> <html> <body> This is some <b>bold</b> text. </body> </html>
My question is:
Do browsers understand link rel tags (e.g.
rel="noopener") when created this way? In the View Source, I see something like
<a href="https://www.example.com" rel="noopener" target="_blank">Page</a>:<br><br>
whereas on the browser the link appears normally and the url opens in a new tab, as expected. If the browser can correctly interpret
" target="_blank" as
target="_blank", is it a fair assumption that it also understands
Because this has obvious security implications.