Newsgroups: php.internals
Xref: news.php.net php.internals:72784
From: tyra3l@gmail.com (Ferenc Kovacs)
Date: Mon, 24 Feb 2014 10:27:56 +0100
To: Yasuo Ohgaki
Cc: "internals@lists.php.net"
Subject: Re: [PHP-DEV] [VOTE] Improve HTML escape

On Mon, Feb 17, 2014 at 5:10 AM, Yasuo Ohgaki wrote:

> Hi all,
>
> This RFC for improving HTML escape by confirming OWASP recommendation.
> PCI DSS suggests to follow their guidelines.
>
> https://wiki.php.net/rfc/secure-html-escape
>
> It makes escape OWASP recommended chars always.
> It simplifies coding a little, too.
>
> Thank you for voting!
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net
>

I've updated the voting end date to today from 22nd, as the minimum voting period required by the voting RFC is one week.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu