Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63129
Return-Path: <padraic.brady@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 266 invoked from network); 19 Sep 2012 07:59:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Sep 2012 07:59:28 -0000
Authentication-Results: pb1.pair.com smtp.mail=padraic.brady@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=padraic.brady@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.54 as permitted sender)
X-PHP-List-Original-Sender: padraic.brady@gmail.com
X-Host-Fingerprint: 74.125.82.54 mail-wg0-f54.google.com  
Received: from [74.125.82.54] ([74.125.82.54:34750] helo=mail-wg0-f54.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C8/B3-05716-F5B79505 for <internals@lists.php.net>; Wed, 19 Sep 2012 03:59:27 -0400
Received: by wgbdt10 with SMTP id dt10so459115wgb.11
        for <internals@lists.php.net>; Wed, 19 Sep 2012 00:59:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=references:in-reply-to:mime-version:content-transfer-encoding
         :content-type:message-id:cc:x-mailer:from:subject:date:to;
        bh=sOfulIe2EjE8zx9fyyvhtQylL84oz8PsmWsmR9+ap6Q=;
        b=MmFwZAxhP+jPpa0vWq60ZgW11PfA1T/nirq9ryvqKkwE8xikEySMXIoaST4Ox/O8uN
         958zN6Be8L3MUybCh2aVcCbSG7jW6apW2x9wblPdXiGiXcvZ4ln+BLnBm8DFsk00a1PO
         6y5RIO0kLsM5u2HdAEGDr1CkcJdB1c+Bp1aQv5dcmhITIv0xzzEnb4GxUZi84G+v31nr
         KkQ3zHGX4wz31h7hOG5s1q2oHx2vOS3UbESJkUJqaeFVrtsBRwcc9588cwT738XKb4dV
         b67t2NxqDNIppqy8tUq7K/Jip9lFgBvF3dJ45OICe9SxtXqFg/dBi1ZfqSldNNaNyX2G
         6ObA==
Received: by 10.180.86.133 with SMTP id p5mr4931823wiz.17.1348041564427;
        Wed, 19 Sep 2012 00:59:24 -0700 (PDT)
Received: from [10.37.71.61] (mobileinternet2.o2.ie. [62.40.36.14])
        by mx.google.com with ESMTPS id t8sm26607065wiy.3.2012.09.19.00.58.56
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 19 Sep 2012 00:59:23 -0700 (PDT)
References: <CAO1hux8mmUsy4badiNjxTGMubaduD1gkgbw4ZK1Me_MwGwLybA@mail.gmail.com> <CALtuQzC4e2Sn_BHinFAPdVrz8Oc_d6wCqTr=AscMChH29NSENw@mail.gmail.com> <CAO1hux9+4QK2sVX9+4110ksa9qDpUpfDhFJvyzkXcBHrFoFWvg@mail.gmail.com>
In-Reply-To: <CAO1hux9+4QK2sVX9+4110ksa9qDpUpfDhFJvyzkXcBHrFoFWvg@mail.gmail.com>
Mime-Version: 1.0 (iPhone Mail 8B117)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii
Message-ID: <0960EAA5-17FF-4E0F-9DDE-BB93D13EA02B@gmail.com>
Cc: Sebastian Krebs <krebs.seb@gmail.com>,
 "internals@lists.php.net" <internals@lists.php.net>
X-Mailer: iPhone Mail (8B117)
Date: Wed, 19 Sep 2012 08:58:11 +0100
To: Tomas Creemers <tomas.creemers@gmail.com>
Subject: Re: [PHP-DEV] Re: RFC: Implementing a core anti-XSS escaping class
From: padraic.brady@gmail.com (=?utf-8?Q?P=C3=A1draic_Brady?=)

You did notice the character encoding parameter to the constructor? The poin=
t of the class is to share that little piece of state and omit it as a requi=
red method parameter thus removing one OOP layer for those practicing OOP li=
ke all the major frameworks.=20

The RFC notes already that character encoding parameters are NOT optional. T=
hey MUST be set on each call outside of the class to enforce explicitness an=
d prevent the currently popular option of imposing a non-configurable defaul=
t in libs and frameworks. Character encoding is important in escaping and as=
suming that they are interchangeable doesn't always fit the reality of brows=
er behaviour and bugs.

This would apply to static calls as much as plain functions.

Paddy

On 19 Sep 2012, at 08:39, Tomas Creemers <tomas.creemers@gmail.com> wrote:

> On Wed, Sep 19, 2012 at 8:34 AM, Sebastian Krebs <krebs.seb@gmail.com> wro=
te:
>>=20
>>=20
>> 2012/9/19 Tomas Creemers <tomas.creemers@gmail.com>
>>>=20
>>> Hi all,
>>>=20
>>>=20
>>>=20
>>> If this is going to be implemented as a class, what is the advantage
>>> of instantiation for this? Unless I'm missing it, I would propose that
>>> the functions are made static.
>>>=20
> [snip]
>>>=20
>>> Regards,
>>>=20
>>> Tomas
>>=20
>>=20
>> Hi,
>>=20
>> I guess the reason is the same like the one, why you just should avoid
>> static methods at all. But only one example: Try to extend the class and
>> then _always_ use the extended one ;)
>>=20
>> Regards,
>> Sebastian
>=20
>=20
> Isn't that what late static binding is for? It enables the use of the
> extending class (if any) from the base class.
>=20
> I really don't see what class instantiation would add to this design
> (if it's going to be a class at all). It doesn't have
> instance-specific state.
>=20
>=20
> Regards,
> Tomas
>=20
> --=20
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>=20