I can't because I don't know of any successful vectors *currently*. I also would have sworn that echoing htmlentified data was safe....until I came across a browser where it wasn't.
So that's what I wanted to understand, because if we add this feature, we should give some explanation on when to use it and what it does, and I don't think I understand that, so I guess it would help to have such explanation.
-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED]
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php