I am not sure if this has been discussed or not. I will gladly make an
RFC if not. I think it would be very intuitive if htmlspecialchars used
the ini value default_charset as its default. And any function that
takes an optional character set.
A) Has this been discussed?
B) If not, do others think it is worth of a proper RFC?
There would be some BC breakage for sure as the default behavior would
be changing.
--
Brian.
I am not sure if this has been discussed or not. I will gladly make an RFC if not. I think it would be very intuitive if htmlspecialchars used the ini value default_charset as its default. And any function that takes an optional character set.
A) Has this been discussed?
B) If not, do others think it is worth of a proper RFC?There would be some BC breakage for sure as the default behavior would be changing.
Due to this BC and the fact that I do not see this as a super pressing issue, I would hold off with doing this change until we have our unicode plans more concrete, because this might result in yet another change in this area.
regards,
Lukas Kahwe Smith
mls@pooteeweet.org
PS: Then again .. the entire unicode discussion seems to have died on this list and I am not aware of any documentation having been made or any other tangible progress.
Hi,
I am under the impression that we have to provide an alternative to
htmlspecialchars() that incorporates the following ideas:
- Shorter function name
html_escape() for example. _h() would be much more preferable in
terms of preventing XSS ;-p - Using default_charset as the default encoding for it.
-
ENT_QUOTESas default.
Regards,
Moriyoshi
I am not sure if this has been discussed or not. I will gladly make an RFC
if not. I think it would be very intuitive if htmlspecialchars used the ini
value default_charset as its default. And any function that takes an
optional character set.A) Has this been discussed?
B) If not, do others think it is worth of a proper RFC?There would be some BC breakage for sure as the default behavior would be
changing.--
Brian.