Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63130 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 2027 invoked from network); 19 Sep 2012 08:11:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Sep 2012 08:11:14 -0000 Authentication-Results: pb1.pair.com smtp.mail=krebs.seb@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=sebastian.krebs.berlin@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.83.42 as permitted sender) X-PHP-List-Original-Sender: krebs.seb@gmail.com X-Host-Fingerprint: 74.125.83.42 mail-ee0-f42.google.com Received: from [74.125.83.42] ([74.125.83.42:38750] helo=mail-ee0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 81/14-05716-02E79505 for ; Wed, 19 Sep 2012 04:11:13 -0400 Received: by eekb15 with SMTP id b15so260082eek.29 for ; Wed, 19 Sep 2012 01:11:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:x-google-sender-delegation:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type; bh=8gaDv2wxc2wmHdIemLQNWcmGeHDLiWYz1F4+cJl1BJg=; b=lhuLxo4IsEM7h35uG2B9VwlosywnGcAwG7Zq652ijLE88ipGYYgcoxhZ02mLkfoXNB 7jMX574RO/lOKlrF1MXHbU9OjqK59yMcWFr3VYDq+09QmSdOdcCJx6sVNy0YOR2vlBDq Y8/bWq8xnpfUADp7IcaV4UdA0WALwW3ztEO3AE028QMhmsLZEKNjIG4pZWQ34ryQa36Z EfH0VDRxr9ecgu4a7cRKvnD8j2yZL1ymCUWHVb/7i/zuFSVsxuSx7acejUmCPh3IukHq JO9zPMfetvYxP5q8f8M2r03lioaK//vZRXTP4QhnXHUTLd9M2czOEaP8utNLjjspf6xo v0JA== MIME-Version: 1.0 Received: by 10.14.193.129 with SMTP id k1mr2656676een.13.1348042267898; Wed, 19 Sep 2012 01:11:07 -0700 (PDT) Sender: sebastian.krebs.berlin@gmail.com X-Google-Sender-Delegation: sebastian.krebs.berlin@gmail.com Received: by 10.14.176.73 with HTTP; Wed, 19 Sep 2012 01:11:07 -0700 (PDT) In-Reply-To: References: Date: Wed, 19 Sep 2012 10:11:07 +0200 X-Google-Sender-Auth: vQ_AB4GZ6mPggS-aGre2TKaR6fg Message-ID: To: Tomas Creemers Cc: internals@lists.php.net Content-Type: multipart/alternative; boundary=047d7b343b2085311404ca098c9b Subject: Re: [PHP-DEV] Re: RFC: Implementing a core anti-XSS escaping class From: krebs.seb@gmail.com (Sebastian Krebs) --047d7b343b2085311404ca098c9b Content-Type: text/plain; charset=ISO-8859-1 2012/9/19 Tomas Creemers > On Wed, Sep 19, 2012 at 8:34 AM, Sebastian Krebs > wrote: > > > > > > 2012/9/19 Tomas Creemers > >> > >> Hi all, > >> > >> > >> > >> If this is going to be implemented as a class, what is the advantage > >> of instantiation for this? Unless I'm missing it, I would propose that > >> the functions are made static. > >> > [snip] > >> > >> Regards, > >> > >> Tomas > > > > > > Hi, > > > > I guess the reason is the same like the one, why you just should avoid > > static methods at all. But only one example: Try to extend the class and > > then _always_ use the extended one ;) > > > > Regards, > > Sebastian > > > Isn't that what late static binding is for? It enables the use of the > extending class (if any) from the base class. > late static binding is for runtime-resolvement of the class _within_ the class. If you spread the (external) call "FooEscaper::escapeJs()" all over you code, you'll have much fun changing every occurence of "FooEscaper" once you extend it. Regards, Sebastian > > I really don't see what class instantiation would add to this design > (if it's going to be a class at all). It doesn't have > instance-specific state. > > Regards, > Tomas > -- github.com/KingCrunch --047d7b343b2085311404ca098c9b--