Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:63151 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 71332 invoked from network); 19 Sep 2012 16:50:04 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Sep 2012 16:50:04 -0000 Authentication-Results: pb1.pair.com header.from=mike503@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=mike503@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.42 as permitted sender) X-PHP-List-Original-Sender: mike503@gmail.com X-Host-Fingerprint: 209.85.160.42 mail-pb0-f42.google.com Received: from [209.85.160.42] ([209.85.160.42:45171] helo=mail-pb0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E2/6A-15057-BB7F9505 for ; Wed, 19 Sep 2012 12:50:04 -0400 Received: by pbbrp8 with SMTP id rp8so2888174pbb.29 for ; Wed, 19 Sep 2012 09:50:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=IeOoZ9nNxvTkOLZxdzbTgUwSyb+wHUVl/YCAug2TvxE=; b=xNjb1KHJXnEw+WhCcJVD9mmVij1rGU04d4VpDJki/nvy0+ocSdopLQJefl2iRPEYfs cc/uouqqDW2x3GmRL0YOJWyKxhm0T7V/1HibLBJB3Dt/Out5Aea+fk0R9UBPnZMAVefu uQWMoRGFq1kcnk0+NRvI6AMZ+lOOIpYeKWAhl4+SH0CpUclc+I9PXVogVXbEQvpXWwta 3F1bUbpynSyzbnWuL+VEoShwJMQ6ILzd5nhAnNsr+HtlOL24CZONaTuisvTViwoE9ZQJ en8sIM1kDuoCeYhKLPj5M8bSPfVfTjPU+GrTf/l4KIUHgAebd9IVWBhxngCg2iuhVy+m ozjw== MIME-Version: 1.0 Received: by 10.68.226.130 with SMTP id rs2mr8974344pbc.151.1348073400698; Wed, 19 Sep 2012 09:50:00 -0700 (PDT) Received: by 10.68.12.167 with HTTP; Wed, 19 Sep 2012 09:50:00 -0700 (PDT) In-Reply-To: <5059EE09.1010802@ajf.me> References: <0960EAA5-17FF-4E0F-9DDE-BB93D13EA02B@gmail.com> <72B22976-6F00-4EF5-88B3-140576CFE4E7@gmail.com> <5059EE09.1010802@ajf.me> Date: Wed, 19 Sep 2012 09:50:00 -0700 Message-ID: To: Andrew Faulds Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Re: RFC: Implementing a core anti-XSS escaping class From: mike503@gmail.com (Michael Shadle) On Wed, Sep 19, 2012 at 9:08 AM, Andrew Faulds wrote: > Yes, but typing the encoding every time is cumbersome. Or, if you don't want > to set it every time, you'd have to set it globally. Then, you forgot to > change it back somewhere when you're dealing with multiple encodings, and it > all goes wrong. then write a reusable function. same amount of code as an OO method. since everyone likes to make OO classes for every little thing. >> After that it seems like the discussion would be: >> 1) do we even need encoding or is UTF8 just fine > > UTF8-only is certainly not just fine. That's fine :) Just a suggestion for discussion. Keep encoding in then! (I was thinking about htmlspecialchars and such)