Hi!

> The point of the RFC is to ensure a consistent API for escaping is
> available to all PHP programmers without resorting to userland

I do not see why "without resorting to userland" is a worthy goal in every case. It's like saying "I want to code in Python without ever using import" or "I want to code in Perl without ever using CPAN". Makes no sense, right? Why should we insist on this in PHP?

> solutions. Existing functions are widely misused, misconfigured or
> have builtin security issues yet are popularly advanced as "escaping"
> for XSS.

Do you think your functions won't be misused, misconfigured and never would have bugs? Exactly the same would happen. Having yet another API doing the same as old API is not a solution.

--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List