I think there are several solutions for this problem, but none of them can completely solve the problem.
1. For multi-language support, officially use UTF-8 format only: All language packages should be written in UTF-8 format. As we can see, most PHP functions could handle UTF-8 strings correctly.
People can also use other character sets (without too much problems), but this is not officially recommended.
2. When using function "htmlentities" to translate a string, convert the string to UTF-8 first, and then call function "htmlentities" to translate the UTF-8 string.
The problem for this solution is, we might not be able to translate the UTF-8 string back to the original character encoding.
A similar idea was mentioned by Cameron on
php.net. He provided a solution shown how to simulate function "htmlentities" for multi-byte strings without causing any problem.
3. Use
{$CONST.TRACKBACK_SPECIFIC_ON_CLICK|@escape:"html"}
instead of
{$CONST.TRACKBACK_SPECIFIC_ON_CLICK|@escape:"htmlall"}
(without specifying the 2nd parameter for "escape")
Here, parameter "html" is better than parameter "htmlall" because "html" uses function htmlspecialchars, while "htmlall" uses function htmlentities. As I can see, function "htmlspecialchars" is much safer when handling multi-byte strings.
This solution is not perfect, but it might be the best current available solution.
4. A more proper way to use the modifier "escape" is
{$CONST.TRACKBACK_SPECIFIC_ON_CLICK|@escape:"html":$_charset}
, but not
{$CONST.TRACKBACK_SPECIFIC_ON_CLICK|@escape:"html"}
This could cause some serious problems, since some character sets are not supported by the modifier "escape" (which uses function “htmlspecialchars” here).