Newsgroups: php.internals
From: alan@akbkhome.com (Alan Knowles)
Date: Tue, 04 Dec 2007 07:45:22 +0800
To: Stanislav Malyshev
CC: Rasmus Lerdorf, Sara Golemon, PHP Internals
Subject: Re: [PHP-DEV] Proposed feature for json_encode()

One thing to consider is changing json_encode to add a header
Content-type: application/json (or x-javascript), unless the additional
arguments are used..

That way someone using the function to intermingle with HTML will be
faced with the fact they have to encode the output, otherwise it breaks
the page...

Regards
Alan

Stanislav Malyshev wrote:
>> This is just a different way of encoding Javascript which depending on
>> the context of use will enable Javascript to be embedded securely. Not
>> providing an alternate encoding is a bit like arguing that we shouldn't
>> have base64_encode() because if used incorrectly it could be insecure.
>
> I'm not saying "not providing", I'm saying "we should provide use
> cases, otherwise this feature will inevitably be misused".
>
>> We don't have an explanation of when base64_encode() is useful in the
>
> Because it's established standard that is widely used. json_encode()
> option was never used before.
>
>> base64_encode() uses. Same thing for this json_encode() feature. We
>> can come up with a set of scenarios where we would like to avoid having
>> characters that are meaningful in XML and HTML show up in our json
>> strings.
>
> OK, we can. Let's do.
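
The two use cases the thread asks for, sketched as an added example that is not code from this message or from the PHP source: JSON sent as its own response with a JSON content type, and JSON written into an HTML page. It assumes PHP 7 or later and uses the `JSON_HEX_*` options of `json_encode()`, which the message does not name; `json_response()`, `json_for_script()` and the `$profile` data are hypothetical names and constructed sample input.

```php
<?php
// Added illustration, not code from the thread. $profile is constructed sample data.
$profile = [
    'name' => 'Tom & "Jerry"',
    'bio'  => "it's <b>bold</b> <!-- note -->",
];

// Use case 1: JSON is the whole response. Labelling it as JSON (the header
// idea from the message above) keeps a browser from rendering it as HTML.
function json_response(array $data): string
{
    if (!headers_sent()) {
        header('Content-Type: application/json; charset=utf-8');
    }
    return json_encode($data);
}

// Use case 2: JSON is written into an HTML page inside a <script> block.
// The JSON_HEX_* flags emit <, >, & and ' as \u00XX escapes, so the HTML
// parser never sees markup characters that came from string values.
function json_for_script(array $data): string
{
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

$plain = json_response($profile);
$safe  = json_for_script($profile);

// Both encodings are valid JSON and decode back to the same data.
var_dump(json_decode($plain, true) === $profile);
var_dump(json_decode($safe, true) === $profile);

// The default form still carries HTML-significant characters;
// the hex-escaped form does not.
var_dump(strpbrk($plain, "<>&'") !== false);
var_dump(strpbrk($safe, "<>&'") === false);

// Embedding the hex-escaped form in a page.
echo "<script>var profile = {$safe};</script>\n";
```

The structural double quotes of the JSON document remain in both forms, so output placed inside an HTML attribute still needs `htmlspecialchars()`.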