Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63137
Return-Path: <leight@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 32818 invoked from network); 19 Sep 2012 14:10:24 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Sep 2012 14:10:24 -0000
Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.49 as permitted sender)
X-PHP-List-Original-Sender: leight@gmail.com
X-Host-Fingerprint: 209.85.216.49 mail-qa0-f49.google.com  
Received: from [209.85.216.49] ([209.85.216.49:49962] helo=mail-qa0-f49.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 1B/C2-15057-F42D9505 for <internals@lists.php.net>; Wed, 19 Sep 2012 10:10:24 -0400
Received: by qafk1 with SMTP id k1so1078674qaf.8
        for <internals@lists.php.net>; Wed, 19 Sep 2012 07:10:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=2bqYzOTZdCx7gIKzsx+9cA7fuGqoHwIBsxZpbxw0hBg=;
        b=E/FcX5EIgWmP0nxW1xYKUZDdo/87YS9vbq0e9J51wRHVeKoWAOTMYorph4oWROMpsB
         Np23qz17z/MCN+bLmCwIFWcvo6tdGiPNJ0RrxAGlbdEbRFIR1uPozLV21zYFnCf9bv7R
         wXsyPlM+KfeFDt8ruVXV0pdTvNAtVm/VY0sw1QEW8d1IR4a1iBXvR42GGpEGyDrZ4ijV
         8AX3xxt95ud/lcTElMECsftSHOdvRQ3Gt/r1cjTrUUWkTotMnMY+mjeAP4Scrx/Pf/Yh
         6RBPMiaPpkqSh0QsUI2smxxfWm0leTLmQy59FagcHOYoq4JMOWCIFYl/0atM1EKiuJVY
         PnBQ==
MIME-Version: 1.0
Received: by 10.224.9.193 with SMTP id m1mr7337960qam.53.1348063820731; Wed,
 19 Sep 2012 07:10:20 -0700 (PDT)
Received: by 10.49.96.40 with HTTP; Wed, 19 Sep 2012 07:10:20 -0700 (PDT)
In-Reply-To: <CALwr1GnjjjMbK8-VkVO57meDAgDn8PSPoWdj2DjYMB7F01dP4Q@mail.gmail.com>
References: <CAO1hux8mmUsy4badiNjxTGMubaduD1gkgbw4ZK1Me_MwGwLybA@mail.gmail.com>
	<CALtuQzC4e2Sn_BHinFAPdVrz8Oc_d6wCqTr=AscMChH29NSENw@mail.gmail.com>
	<CAO1hux9+4QK2sVX9+4110ksa9qDpUpfDhFJvyzkXcBHrFoFWvg@mail.gmail.com>
	<0960EAA5-17FF-4E0F-9DDE-BB93D13EA02B@gmail.com>
	<CAO1hux9t9refYHYnKhY0725MvRm88ab85Ng23LCvnjDJxqQA7g@mail.gmail.com>
	<CALwr1GnjjjMbK8-VkVO57meDAgDn8PSPoWdj2DjYMB7F01dP4Q@mail.gmail.com>
Date: Wed, 19 Sep 2012 15:10:20 +0100
Message-ID: <CAPwsocGs=5-JfpSSewDRaNC0KaoNF1okBD8-E27fx5U=9f6sgw@mail.gmail.com>
To: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] Re: RFC: Implementing a core anti-XSS escaping class
From: leight@gmail.com (Leigh)

>> I missed the encoding parameter. While it's still possible to add that
>> to a static-only class, that would be more cumbersome and less correct
>> than instantiation (since the encoding is state, technically). My
>> apologies. Carry on ;-)

It's probably already been covered, but I don't like the fact that
it's a class at all.

There's nothing wrong with an ini value to start with (defaulting to X
if it is unrecofnised), then ini_set() to change the value at runtime
if required, and finally implementing everything as normal functions
that accept an override encoding as an optional parameter for those
one-off cases.

It feels like this is just using classes for the sake of using
classes, adding an unnecessary layer of complexity (and discussion)
for no real reason except that is the RFC authors preference.