Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:68940 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 1083 invoked from network); 7 Sep 2013 08:51:08 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Sep 2013 08:51:08 -0000 Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.182 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.220.182 mail-vc0-f182.google.com Received: from [209.85.220.182] ([209.85.220.182:58324] helo=mail-vc0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A7/15-00660-AF8EA225 for ; Sat, 07 Sep 2013 04:51:08 -0400 Received: by mail-vc0-f182.google.com with SMTP id hf12so2837773vcb.13 for ; Sat, 07 Sep 2013 01:51:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PajF8sGzTHHVhPF6bOCjX34Ovr26sfgAZ0bDTvG/u5g=; b=GAdC/71d6MoQjmtH1BXr8eRhzdcV0IU4t3/kigL0qbeZBLoqrZQhFSAVCMJjKB1jXz rw8ZM/EFIEht2uOz9ZNweJ5YPVEkQ0rM8JgKHANanMOgskn+HCpsujrxo8Ef3EJ5WA2T Iv7mR8MqPWq/5IN58rxxLdNmyB6BStRjBqA7jEN//77VlAZOFz8meezw0nZX8N7esW9C 2aO7hd2YuYsHLo+IKs4jaBNeVjm6HoKqD6OyDyX2fyBt0eva66cBL15iiqP0u29VeXgd iGvTYIF8qAuIMBpawhrE/8FuGzrhifB64v15pA4TxOOR/s2ZLYffzMf9QpX5GkBGgcj2 lHKA== MIME-Version: 1.0 X-Received: by 10.58.44.37 with SMTP id b5mr6701623vem.4.1378543863178; Sat, 07 Sep 2013 01:51:03 -0700 (PDT) Received: by 10.221.32.73 with HTTP; Sat, 7 Sep 2013 01:51:03 -0700 (PDT) Received: by 10.221.32.73 with HTTP; Sat, 7 Sep 2013 01:51:03 -0700 (PDT) In-Reply-To: References: Date: Sat, 7 Sep 2013 10:51:03 +0200 Message-ID: To: Yasuo Ohgaki Cc: PHP internals , Leigh Content-Type: multipart/alternative; boundary=089e013a132a45b2dd04e5c74119 Subject: Re: [PHP-DEV] [RFC] Escaping RFC for PHP Core - Updates? From: pierre.php@gmail.com (Pierre Joye) --089e013a132a45b2dd04e5c74119 Content-Type: text/plain; charset=ISO-8859-1 Hi, On Sep 7, 2013 10:35 AM, "Yasuo Ohgaki" wrote: > > Hi Leigh, > > On Sat, Sep 7, 2013 at 2:56 PM, Leigh wrote: > > > Looks like the rfc author was unable to implement it himself at the time > > of the proposal. > > > > The last thing in the discussion thread looks like "implement it in PECL > > first, and it might get bundled later" > > > > http://marc.info/?l=php-internals&m=134822086426610&w=2 > > > Thank you for the info. I searched my mailbox, but I couldn't find this. > > It would be better to implement this as SPL_Escape class. > > SPL_Escape::jsString() > SPL_Escape::phpString() > SPL_Escape::html() > SPL_Escape::htmlAttribute() > etc > > It looks nicer than Escaper::escapeJs(), Escaper::escapeHtml(), etc. > > Any comments? > Anyone mind if I edit the RFC? I like the goal of this proposal. It would however fits much better in ext/filter. Yes, escaping has different purposes than filtering. I have some worries about the implementation. It is not an easy task and some external libraries may already have these features (esp. CSS or JS). About the API: To have a kind of wrapper class is not very useful. It will most likely end with static methods with a large set of arguments or options array, not very sexy. Cheers, Pierre --089e013a132a45b2dd04e5c74119--