Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63068 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 52435 invoked from network); 18 Sep 2012 16:45:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Sep 2012 16:45:32 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.220.170 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.220.170 mail-vc0-f170.google.com Received: from [209.85.220.170] ([209.85.220.170:64990] helo=mail-vc0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 1B/7F-07072-A25A8505 for ; Tue, 18 Sep 2012 12:45:32 -0400 Received: by vcbfk26 with SMTP id fk26so75265vcb.29 for ; Tue, 18 Sep 2012 09:45:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:x-gm-message-state; bh=vXPuzyxtU7O2qBTIhFtM0VPCMfq07JDnNQgJ5NXs2Jg=; b=bkNGuln5oZBz5b0OfoND6uBqdRFsDGuJvDC1ZbGsR4J7kkqxDG5vFmckOgbz1N9HyW ca1HcrtcvaRPSLhitTqDGce0/f8oID2PmElqy6e3fKO0ypcWdBJR/shPg0HTDQLznfk7 jQSzp4W75Fag3bkFgKvOCrvYlQ+rJomHNeODgBEPbWJOkgv2+8PIegik1SRBUI4paLvx /eyk/OCTdD9Q96r1PXwE2Mpfdn5xEZvZRhbvB8JgaKW9xdQMWm2Uk5rfjwfWNsWp4mzQ zjNy3qyXtjsJrEYWTdujsYivBdDe0RtHFjzP2xQDq2b+sEDAdfxDqUEEIGEOKQn4gVbP RNpw== Received: by 10.221.11.71 with SMTP id pd7mr281009vcb.45.1347986726942; Tue, 18 Sep 2012 09:45:26 -0700 (PDT) Received: from [10.252.0.86] ([64.124.192.210]) by mx.google.com with ESMTPS id l8sm38015veu.6.2012.09.18.09.45.24 (version=SSLv3 cipher=OTHER); Tue, 18 Sep 2012 09:45:25 -0700 (PDT) Message-ID: <5058A524.20600@lerdorf.com> Date: Tue, 18 Sep 2012 12:45:24 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0 MIME-Version: 1.0 To: Michael Shadle CC: jpauli , =?ISO-8859-1?Q?P=E1draic_Brady?= , "internals@lists.php.net" References: <0AC6EB13-3588-403B-BE73-968F12C7B7AF@gmail.com> In-Reply-To: <0AC6EB13-3588-403B-BE73-968F12C7B7AF@gmail.com> X-Enigmail-Version: 1.4.4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQm0l6jPaNK7KCEUD1PYT5yMNJ7P364EogBHAUcUmh0PrBMVYHgC17W3MZJUo6xvMjzqRP1N Subject: Re: [PHP-DEV] RFC: Implementing a core anti-XSS escaping class From: rasmus@lerdorf.com (Rasmus Lerdorf) On 09/18/2012 12:39 PM, Michael Shadle wrote: > Also as there is also htmlspecialchars() which most people use for escaping this seems like a better, more centralized functionality and better nomenclature for escaping on output in general with options for various types (and should just be utf-8 by default :)) It is utf-8 by default as of PHP 5.4.