Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63132 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 17240 invoked from network); 19 Sep 2012 11:55:57 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Sep 2012 11:55:57 -0000 Authentication-Results: pb1.pair.com header.from=tomas.creemers@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=tomas.creemers@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.42 as permitted sender) X-PHP-List-Original-Sender: tomas.creemers@gmail.com X-Host-Fingerprint: 209.85.160.42 mail-pb0-f42.google.com Received: from [209.85.160.42] ([209.85.160.42:41160] helo=mail-pb0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 1C/30-15057-CC2B9505 for ; Wed, 19 Sep 2012 07:55:56 -0400 Received: by pbbrp8 with SMTP id rp8so2283604pbb.29 for ; Wed, 19 Sep 2012 04:55:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Cy2+kfhIVMhUSoe6LoZqtkZs6vYQxb3AtJILA5jtY1g=; b=Rom+5JAxLTIqSYk93b0Tep5XEmoZMCYwTOXDH+ACCzDuHOfYuzyofBImZBbUjlNsc+ 25UHlz3AmVxp4UThkAC/42BbllR9Qt/aJdQ0qU9C3Mfj4hI0NZvi+F/nC1O1VfYljLPy Egfq4/uiYGV4k1mhHVYV6Epgub3789glB1/vPdz0AltVJVr/wv6zFXci1XFk0OD2M+Z4 /7VYqID9e1kDnceF960pFBF31F0OZaytgn2MrhwW1BfGsKkZOocQzF8UaFRNWdyhrsTI fa6z5VOQ/+SY9VKWnIf0COHfxzkD2YWggfx6qYDKCA8RPmib6FHCtFEUi4gi4I5LmYF3 DrkQ== MIME-Version: 1.0 Received: by 10.68.132.36 with SMTP id or4mr6680237pbb.132.1348055752686; Wed, 19 Sep 2012 04:55:52 -0700 (PDT) Received: by 10.66.122.98 with HTTP; Wed, 19 Sep 2012 04:55:52 -0700 (PDT) In-Reply-To: <0960EAA5-17FF-4E0F-9DDE-BB93D13EA02B@gmail.com> References: <0960EAA5-17FF-4E0F-9DDE-BB93D13EA02B@gmail.com> Date: Wed, 19 Sep 2012 13:55:52 +0200 Message-ID: To: =?ISO-8859-1?Q?P=E1draic_Brady?= Cc: Sebastian Krebs , "internals@lists.php.net" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: RFC: Implementing a core anti-XSS escaping class From: tomas.creemers@gmail.com (Tomas Creemers) On Wed, Sep 19, 2012 at 9:58 AM, P=E1draic Brady = wrote: > You did notice the character encoding parameter to the constructor? The p= oint of the class is to share that little piece of state and omit it as a r= equired method parameter thus removing one OOP layer for those practicing O= OP like all the major frameworks. > > The RFC notes already that character encoding parameters are NOT optional= . They MUST be set on each call outside of the class to enforce explicitnes= s and prevent the currently popular option of imposing a non-configurable d= efault in libs and frameworks. Character encoding is important in escaping = and assuming that they are interchangeable doesn't always fit the reality o= f browser behaviour and bugs. > > This would apply to static calls as much as plain functions. > > Paddy I missed the encoding parameter. While it's still possible to add that to a static-only class, that would be more cumbersome and less correct than instantiation (since the encoding is state, technically). My apologies. Carry on ;-) Tomas > On 19 Sep 2012, at 08:39, Tomas Creemers wrote= : > [snip] >> >> I really don't see what class instantiation would add to this design >> (if it's going to be a class at all). It doesn't have >> instance-specific state. >> >> >> Regards, >> Tomas >> >> -- >> PHP Internals - PHP Runtime Development Mailing List >> To unsubscribe, visit: http://www.php.net/unsub.php >>