Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63067 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 50969 invoked from network); 18 Sep 2012 16:40:03 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Sep 2012 16:40:03 -0000 Authentication-Results: pb1.pair.com smtp.mail=mike503@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=mike503@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.219.42 as permitted sender) X-PHP-List-Original-Sender: mike503@gmail.com X-Host-Fingerprint: 209.85.219.42 mail-oa0-f42.google.com Received: from [209.85.219.42] ([209.85.219.42:47110] helo=mail-oa0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 09/2F-07072-3E3A8505 for ; Tue, 18 Sep 2012 12:40:03 -0400 Received: by oagh2 with SMTP id h2so57516oag.29 for ; Tue, 18 Sep 2012 09:40:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to; bh=auAmV+KP572dMhn26g1xTBeTXM0MqBGw1Jp6OCLuL2c=; b=duAbU0U7qGrQDPl2H7e4owg1+NKpSAtcycRtcaTnL6k3sc1/rE0nzqHaNrt9umdqmZ tLW5T6gH3hk9tgbhpF6ctxiTaBB1mzOrOURTW+eerjxhPK1Lp/BGY/gyWGKFx2HJTmfr TLNmusfbDudtGahGBg9+1tWEXbKA62pRi45dqht3cDXR6gakP2kgN+s/73lnkNC6Xmvv e0PgXMhL4cSh0UztZ4pGzmUQQQlCQwK2vtB9ZaCZr8nkAilCvhUf/Vu99OU+J6PxkMcv N7uGKA91e1k2h+yuvy6Hhu4YDCHRS/VzSsJYYJfKHAN3x3GEVMIqDKkfslinHh6f5Obs BuPg== Received: by 10.60.171.68 with SMTP id as4mr602232oec.117.1347986400184; Tue, 18 Sep 2012 09:40:00 -0700 (PDT) Received: from [192.168.1.152] (static-50-53-5-173.bvtn.or.frontiernet.net. [50.53.5.173]) by mx.google.com with ESMTPS id ea6sm74386obc.9.2012.09.18.09.39.56 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 18 Sep 2012 09:39:58 -0700 (PDT) References: In-Reply-To: Mime-Version: 1.0 (1.0) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Message-ID: <0AC6EB13-3588-403B-BE73-968F12C7B7AF@gmail.com> Cc: =?utf-8?Q?P=C3=A1draic_Brady?= , "internals@lists.php.net" X-Mailer: iPhone Mail (9B206) Date: Tue, 18 Sep 2012 09:39:55 -0700 To: jpauli Subject: Re: [PHP-DEV] RFC: Implementing a core anti-XSS escaping class From: mike503@gmail.com (Michael Shadle) Also as there is also htmlspecialchars() which most people use for escaping t= his seems like a better, more centralized functionality and better nomenclat= ure for escaping on output in general with options for various types (and sh= ould just be utf-8 by default :))