Newsgroups: php.internals
Date: Wed, 19 Sep 2012 09:53:26 -0700
Subject: Re: [PHP-DEV] RFC: Implementing a core anti-XSS escaping class
From: mike503@gmail.com (Michael Shadle)
To: Lars Strojny
Cc: Michael Stowe, Leigh, "internals@lists.php.net"

On Wed, Sep 19, 2012 at 9:16 AM, Lars Strojny wrote:
> There seems to be a need for a procedural API. As there is one, let’s do it similar to how MySQLi etc. does it and use a context resource:
>
> $ctx = escape_context_create('UTF-8');
> $str = escape_html_attr($ctx, $str);

why bother with that? it's called function parameters. (and even better, named parameters if PHP ever implemented those... :))