Introduce wrapper for htmlspecialchars

php/utils/utils.php

@@ -148,4 +148,16 @@
 		return $links;
 	}
 
+	/**
+	 * Convert special characters to html entities.
+	 */
+	function html_sanitize(
+		string $str, int $flags = ENT_QUOTES|ENT_SUBSTITUTE,
+		?string $encoding = null, bool $double_encode = true
+	) {
+		if ($str == "") {
+			return "";
+		}
+		return htmlspecialchars($str, $flags, $encoding, $double_encode);
+	}
 ?>

sites/+components/tbl_communities.php

@@ -53,16 +53,16 @@
 
 		// Escape external input.
 		// Ternaries prevent passing null-equal strings, which produce warnings.
-		$id = htmlspecialchars($room->get_room_identifier());
+		$id = html_sanitize($room->get_room_identifier());
-		$language = $room->language_flag ? htmlspecialchars($room->language_flag) : "";
+		$language = html_sanitize($room->language_flag);
-		$name = htmlspecialchars($room->name);
+		$name = html_sanitize($room->name);
-		$desc = $room->description ? htmlspecialchars($room->description) : "";
+		$desc = html_sanitize($room->description);
-		$users = htmlspecialchars($room->active_users);
+		$users = html_sanitize($room->active_users);
-		$preview_link = htmlspecialchars($room->get_preview_url());
+		$preview_link = html_sanitize($room->get_preview_url());
-		$join_link = htmlspecialchars($room->get_join_url());
+		$join_link = html_sanitize($room->get_join_url());
-		// TODO: Do not forget to rename this escape when merging!
+		// TODO: Do not forget to rename this escape when mergig!
-		$token = htmlspecialchars($token);
+		$token = html_sanitize($token);
-		$hostname = htmlspecialchars($hostname);
+		$hostname = html_sanitize($hostname);
 	?>
 
 	<tr id="<?=$id?>" itemscope itemtype="https://schema.org/EntryPoint" --data-identifier="<?=$id?>">