Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72725
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 45214 invoked from network); 20 Feb 2014 22:10:15 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Feb 2014 22:10:15 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.41 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.215.41 mail-la0-f41.google.com  
Received: from [209.85.215.41] ([209.85.215.41:38276] helo=mail-la0-f41.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 94/B2-31058-54D76035 for <internals@lists.php.net>; Thu, 20 Feb 2014 17:10:14 -0500
Received: by mail-la0-f41.google.com with SMTP id mc6so1779416lab.14
        for <internals@lists.php.net>; Thu, 20 Feb 2014 14:10:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=mWAhhafLm5O1EiA2wlA/ExpfXHFatP3uDNB7JuVlbOg=;
        b=jatLS4LUExEucIDvNdqydJPJXvhabaUo/VDMZZHCQ4sjRMXHAK7ysnK8Dt/+n6dIz+
         1L4pmUDGHXCfUYJRetuhOCR2P5NNhZzhaxrVm35rBr2rF8RxqZjl+O+nWb1XTLThHgtk
         yk8Qxsr5q/qG/5PAa0JpfaqNN05FqulwL0KR6vVqZzTltZeS1SZsnWJ2BXeAN7jPajaK
         06wsj3yAH1qj5QkavVSVtxHvfJGViVEMJC/WAsIUERJRdJ8KAIbitmJihLwuNGbuLgUB
         bAbkX8vz7iuZsgFCjzfLQUNpmPKRKd8qRveeq0ELSgsJSbpv+KRIBYkokAUFgJec5LNa
         Vo8Q==
X-Received: by 10.112.134.134 with SMTP id pk6mr2248857lbb.85.1392934210609;
 Thu, 20 Feb 2014 14:10:10 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.199.37 with HTTP; Thu, 20 Feb 2014 14:09:30 -0800 (PST)
In-Reply-To: <CAGa2bXb195LTUSDdqQL2s92RmkLyi72jRG2M7NSQObUR+rAUGQ@mail.gmail.com>
References: <CAGa2bXanQ0Of6oLe2+qebZunopdzhfj+T+1QTY_LSkOjedvwkg@mail.gmail.com>
 <530668F8.9050005@gmail.com> <CAGa2bXb195LTUSDdqQL2s92RmkLyi72jRG2M7NSQObUR+rAUGQ@mail.gmail.com>
Date: Fri, 21 Feb 2014 07:09:30 +0900
X-Google-Sender-Auth: bM0jKmoqTVNW7p6Tbp1zgOu8zHM
Message-ID: <CAGa2bXYT095h6cEinJHYW38-FjA+tkV2TvNarqtWfKvN+rygcw@mail.gmail.com>
To: =?UTF-8?B?w4FuZ2VsIEdvbnrDoWxleg==?= <keisial@gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e01175e7dd1a9e104f2ddc470
Subject: Re: [PHP-DEV] [VOTE] Improve HTML escape
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--089e01175e7dd1a9e104f2ddc470
Content-Type: text/plain; charset=UTF-8

Hi All,

On Fri, Feb 21, 2014 at 6:57 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> I don't mind adding
>
>  - ENT_SINGLE(escape only ')
>  - ENT_DOUBLE(escape only ". Same as ENT_COMPAT, but better name)
>
> as HTML5 supports ", ' and no quotes for attributes. It seems good for
> completeness. This would be issue for new RFC, though. I may write new RFC
> for this when this is over if many of think this is better to have.
>

Correction.
To control escape fully, we need

 - ENT_SINGLE(escape only ' )
 - ENT_DOUBLE(escape only ". Same as ENT_COMPAT, but better name)
 - ENT_AMP(escape only & )
 - ENT_SEMI_COLON(escape only ; )
 - ENT_SLASH(escape only / )

It seems too much...

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--089e01175e7dd1a9e104f2ddc470--