We use a couple of different machine images with IE6/IE7/IE8…

Question

Editorial Team

Asked: May 11, 20262026-05-11T01:00:01+00:00 2026-05-11T01:00:01+00:00

I am trying to format some bad html to output into a pop window.

I am trying to format some bad html to output into a pop window. The html is stored in a field in a mysql database.

I have been performing json_encode and htmlspecialchars on the row in the php like so:

$html = htmlentities(json_encode($row2['ARTICLE_DESC']));

and calling my makewindows function, which simply takes the html as a paramter and uses it withdocument.write like so:

  <p><a href='#' onclick=\'makewindows(''.$html.''); return false;\'>Click for full description </a></p>

This works ok, as in some html code is produced, such as the following:

pasted there because I do not know how to wrap lines in SO

The problem is that htmlspecialchars does not seem to be stripping bad html data, as no popup window is created. The error I receive with firebug is

missing ) after argument list

However the html is outside of my control.

From what I have read, I am taking the correct steps. If I am missing something out, what is it?

My full make windows function:

function makewindows(html){ child1 = window.open ('about:blank'); child1.document.write(html); child1.document.close();  }

You must login to add an answer.

Need An Account,

score 0 · Answer 1 · 2026-05-11T01:00:02+00:00

You shouldn’t have the single quotes in the function call. It should look like this:

<p><a href='#' onclick=\'makewindows(' . $html . '); return false;\'>Click for full description </a></p>

Then the output will look like

<p><a href='#' onclick='makewindows(&quot;.....&quot;); return false;'>Click for full description </a></p>

which is correct.