Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:33613 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 48623 invoked by uid 1010); 3 Dec 2007 22:48:56 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 48608 invoked from network); 3 Dec 2007 22:48:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Dec 2007 22:48:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender) X-PHP-List-Original-Sender: stas@zend.com X-Host-Fingerprint: 212.25.124.162 mail.zend.com Windows 2000 SP4, XP SP1 Received: from [212.25.124.162] ([212.25.124.162:44726] helo=mx1.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 8D/1D-02463-7D784574 for ; Mon, 03 Dec 2007 17:48:56 -0500 Received: from us-ex1.zend.com ([192.168.16.5]) by mx1.zend.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 4 Dec 2007 00:48:52 +0200 Received: from [192.168.16.91] ([192.168.16.91]) by us-ex1.zend.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 3 Dec 2007 14:48:48 -0800 Message-ID: <475487D0.7050207@zend.com> Date: Mon, 03 Dec 2007 14:48:48 -0800 Organization: Zend Technologies User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: Rasmus Lerdorf CC: Sara Golemon , PHP Internals References: <474F0EE7.8020201@php.net> <474F4E47.8050506@zend.com> <474F5E12.1050404@php.net> <474F5F75.3030808@zend.com> <475081DD.90404@php.net> <4750B3CA.20405@zend.com> <475101FF.5080103@lerdorf.com> <475482AF.3050800@zend.com> <47548638.9020709@lerdorf.com> In-Reply-To: <47548638.9020709@lerdorf.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 03 Dec 2007 22:48:48.0227 (UTC) FILETIME=[AAB8EB30:01C835FE] Subject: Re: [PHP-DEV] Proposed feature for json_encode() From: stas@zend.com (Stanislav Malyshev) > This is just a different way of encoding Javascript which depending on > the context of use will enable Javascript to be embedded securely. Not > providing an alternate encoding is a bit like arguing that we shouldn't > have base64_encode() because if used incorrectly it could be insecure. I'm not saying "not providing", I'm saying "we should provide use cases, otherwise this feature will inevitably be misused". > We don't have an explanation of when base64_encode() is useful in the Because it's established standard that is widely used. json_encode() option was never used before. > base64_encode() uses. Same thing for this json_encode() feature. We > can come up with a set of scenarios where we would like to avoid having > characters that are meaningful in XML and HTML show up in our json > strings. OK, we can. Let's do. -- Stanislav Malyshev, Zend Software Architect stas@zend.com http://www.zend.com/ (408)253-8829 MSN: stas@zend.com