Hi Michael,

See the link near the bottom of the RFC - even htmlspecialchars() has
unusual behaviour that's potentially insecure. I have no objections to
there being functions, of course, and the RFC makes that clear.
However, many programmers like me are obsessed with objects so having
an SPL class will obviously be near and dear to my design patterned
heart ;).

Paddy

On Tue, Sep 18, 2012 at 5:39 PM, Michael Shadle <mike...@gmail.com> wrote:
> Also as there is also htmlspecialchars() which most people use for escaping 
> this seems like a better, more centralized functionality and better 
> nomenclature for escaping on output in general with options for various types 
> (and should just be utf-8 by default :))
>



-- 
Pádraic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com
Zend Framework Community Review Team

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
