Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:63211
Return-Path: <padraic.brady@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 64305 invoked from network); 21 Sep 2012 09:46:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Sep 2012 09:46:57 -0000
Authentication-Results: pb1.pair.com smtp.mail=padraic.brady@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=padraic.brady@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.42 as permitted sender)
X-PHP-List-Original-Sender: padraic.brady@gmail.com
X-Host-Fingerprint: 209.85.160.42 mail-pb0-f42.google.com  
Received: from [209.85.160.42] ([209.85.160.42:41327] helo=mail-pb0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 71/10-62301-0973C505 for <internals@lists.php.net>; Fri, 21 Sep 2012 05:46:56 -0400
Received: by pbbrp8 with SMTP id rp8so7131808pbb.29
        for <internals@lists.php.net>; Fri, 21 Sep 2012 02:46:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        bh=Ww82T+8wX0SuIifYTepb4f75/oL997cToiF0/MAxCf0=;
        b=OLoXvESGqi3oUu1FLshvAR9SWx0klrnGg2Z8qcKZeZdJAMD5GWU6mQ8xkJWniQLaiM
         kzKw6jhRxURH9O4RC7ktu8p//oQi1ev5FHQLMSUprpA+KRKQiry1bID+gy2whmmqmGu4
         /XwwaLoopkunukd44w2LvJ9rrxEg7b9X6vJYZIypoMoTo5lp8eGb/QC7yLbm5glGrhKE
         bnktGQGgeoB+0d0lFHU/O+ywTM0UL8U3AvYzd4rg4FO9TvCtf6M4B0381847Szdl9omA
         SmQSzOK0X/g6rd3xAp0qU42QTb3Yzp4UjcwoTKLMwdBOWxsXhIVH/kGul1RTlhA6dOPC
         Mrew==
MIME-Version: 1.0
Received: by 10.66.79.195 with SMTP id l3mr11940546pax.33.1348220813330; Fri,
 21 Sep 2012 02:46:53 -0700 (PDT)
Received: by 10.66.73.42 with HTTP; Fri, 21 Sep 2012 02:46:53 -0700 (PDT)
In-Reply-To: <CAEZPtU4Aja9j+bexw7jh3v7GxN+rdmdkxhNuX2Mk_2=LqwcsQQ@mail.gmail.com>
References: <CALwr1Gn4OmHP=Qa7NKzpbkq+w8FEjUMZ3v678bbZVOGM23G35g@mail.gmail.com>
	<CAEZPtU4Aja9j+bexw7jh3v7GxN+rdmdkxhNuX2Mk_2=LqwcsQQ@mail.gmail.com>
Date: Fri, 21 Sep 2012 10:46:53 +0100
Message-ID: <CALwr1GnbGMqyVzesG=qM2hb0ZpnwTrPcfMKSr+EqtmCHt_4GHQ@mail.gmail.com>
To: Pierre Joye <pierre.php@gmail.com>
Cc: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] RFC: Implementing a core anti-XSS escaping class
From: padraic.brady@gmail.com (=?ISO-8859-1?Q?P=E1draic_Brady?=)

Hi Pierre,

I also noticed your tweet ;).

> Given the current discussions about the APIs (see my other reply too)
> and its usage, and that this proposal is non invasive/self contained
> in an extension, I would strongly suggest to already go with it in
> PECL, do releases (stay alpha until you have a very good feeling about
> the API stability), etc. It will also greatly help to get more
> feedback.
>
> Then it could be proposed again for being bundled at some point,
> before we go features freeze for 5.5.

I believe this is the path we'll be taking after some IRC discussions.

Though, I do think that taking the RFC route on this one was the only
realistic option for a PHP programmer with a minimal C skillset. It
ensured that the proposal gained exposure, lots of feedback and an
opportunity to pick up a real C programmer who could take it further.

In any case, hopefully I'll be back with real hardcore C code for PHP
5.5. In the meantime, if anyone has any lingering concerns or
questions about the RFC, let me know!

Paddy

--=20
P=E1draic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com
Zend Framework Community Review Team