Newsgroups: php.internals
Date: Wed, 19 Sep 2012 11:21:39 -0500
Subject: Re: [PHP-DEV] RFC: Implementing a core anti-XSS escaping class
From: me@mikestowe.com (Michael Stowe)
To: Andrew Faulds
Cc: Lars Strojny, Michael Shadle, Leigh, "internals@lists.php.net"

*"Oh goodness no, let's please only do OOP with the language features.
Creating ridiculous "procedural" OOP abstractions helps absolutely nobody"*

Andrew, I'm the biggest advocate of OOP out there, but the purpose of this is to provide a nice convenient layer for all developers to use to properly escape code and increase security within their applications. As such, we need to cater to the resistance...err, I mean Procedural Purists and those who are beginning PHP development and are not yet comfortable with OOP.

- Mike

On Wed, Sep 19, 2012 at 11:17 AM, Andrew Faulds wrote:

> On 19/09/12 17:16, Lars Strojny wrote:
>
>> Hi,
>>
>> There seems to be a need for a procedural API. As there is one, let’s do
>> it similar to how MySQLi etc. does it and use a context resource:
>>
>> $ctx = escape_context_create('UTF-8');
>> $str = escape_html_attr($ctx, $str);
>>
>> And so on.
>>
>> cu,
>> Lars
>>
> Oh goodness no, let's please only do OOP with the language features.
> Creating ridiculous "procedural" OOP abstractions helps absolutely nobody.
>
> --
> Andrew Faulds
> http://ajf.me/

-- 
-----------------------
"My command is this: Love each other as I have loved you." John 15:12
-----------------------
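
The procedural API from Lars's sketch quoted above, layered over an object so that both call styles share one implementation, as an added example that is not part of the thread or the RFC. `escape_context_create()` and `escape_html_attr()` take their names from the sketch; the `Escaper` class, its `escapeHtmlAttr()` method and the rule of encoding everything except ASCII alphanumerics are assumptions made for illustration (PHP 7.2+ with mbstring).

```php
<?php
declare(strict_types=1);

// Hypothetical class for this example; not an existing PHP core class.
final class Escaper
{
    public function __construct(string $encoding = 'UTF-8')
    {
        // This sketch only validates UTF-8, so refuse anything else outright.
        if (strcasecmp($encoding, 'UTF-8') !== 0) {
            throw new InvalidArgumentException('this sketch handles UTF-8 only');
        }
    }

    public function escapeHtmlAttr(string $value): string
    {
        // Reject malformed input instead of passing odd byte sequences through.
        if (!mb_check_encoding($value, 'UTF-8')) {
            throw new InvalidArgumentException('input is not valid UTF-8');
        }
        // Assumed rule: encode everything except ASCII alphanumerics, so the
        // value stays inside the attribute even if the template omits quotes.
        return preg_replace_callback(
            '/[^A-Za-z0-9]/u',
            function (array $m): string {
                return sprintf('&#x%X;', mb_ord($m[0], 'UTF-8'));
            },
            $value
        );
    }
}

// Procedural facade in the shape of Lars's sketch: the "context" is the object.
function escape_context_create(string $encoding = 'UTF-8'): Escaper
{
    return new Escaper($encoding);
}

function escape_html_attr(Escaper $ctx, string $str): string
{
    return $ctx->escapeHtmlAttr($str);
}

// Constructed sample value; both call styles run the same code path.
$title = 'Tom "TJ" O\'Neil & co';
$ctx = escape_context_create('UTF-8');
echo '<span title="', escape_html_attr($ctx, $title), "\">procedural</span>\n";
echo '<span title="', (new Escaper())->escapeHtmlAttr($title), "\">OOP</span>\n";
```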