Introduce wrapper for htmlspecialchars

php/utils/server-utils.php

@@ -118,4 +118,14 @@
 			return $contents;
 		}
 	}
+
+	function html_sanitize(
+		string $str, int $flags = ENT_QUOTES|ENT_SUBSTITUTE,
+		?string $encoding = null, bool $double_encode = true
+	) {
+		if ($str == "") {
+			return "";
+		}
+		return htmlspecialchars($str, $flags, $encoding, $double_encode);
+	}
 ?>

sites/+components/tbl_communities.php

@@ -55,16 +55,16 @@
 
 		// Escape external input.
 		// Ternaries prevent passing null-equal strings, which produce warnings.
-		$id = htmlspecialchars($id);
+		$id = html_sanitize($id);
-		$language = $room->language ? htmlspecialchars($room->language) : "";
+		$language = html_sanitize($room->language);
-		$name = htmlspecialchars($room->name);
+		$name = html_sanitize($room->name);
-		$desc = $room->description ? htmlspecialchars($room->description) : "";
+		$desc = html_sanitize($room->description);
-		$users = htmlspecialchars($room->active_users);
+		$users = html_sanitize($room->active_users);
-		$preview_link = htmlspecialchars($room->preview_link);
+		$preview_link = html_sanitize($room->preview_link);
-		$join_link = htmlspecialchars($room->join_link);
+		$join_link = html_sanitize($room->join_link);
 		// TODO: Do not forget to rename this escape when merging!
-		$token = htmlspecialchars($token);
+		$token = html_sanitize($token);
-		$hostname = htmlspecialchars($hostname);
+		$hostname = html_sanitize($hostname);
 	?>
 
 	<tr id="<?=$id?>" itemscope itemtype="https://schema.org/EntryPoint"