How can one prevent double encoding of html entities when they are allowed in the input

Question

How can I prevent double encoding of html entities, or fix them programmatically?

I am using the encode() function from the HTML::Entities perl module to encode HTML entities in user input. The problem here is that we also allow users to input HTML entities directly and these entities end up being double encoded.

For example, a user may enter:

Stackoverflow & Perl = Awesome…

This ends up being encoded to

Stackoverflow & Perl = Awesome…

This renders in the browser as

Stackoverflow & Perl = Awesome…

We want this to render as

Stackoverflow & Perl = Awesome...

Is there a way to prevent this double encoding? Or is there a module or snippet of code that can easily correct these double encoding issues?

Any help is greatly appreciated!

Answer 1

You can decode the string first:

my $input = from_user();

my $encoded = encode_entities( decode_entities $input );