On 18/09/12 20:50, Rasmus Lerdorf wrote:
On 09/18/2012 03:46 PM, Pádraic Brady wrote:
Bear in mind the RFC, in userland (and likely any PECL ext) implements
the ESAPI rules. They've been hacked on a lot over the years which is
why I made sure they were followed exactly. It's very unlikely that a
browser bug could scupper these unless they allowed in more unencoded
characters to be taken advantage of. There are benefits to reusing
pre-peer review rules.
Sure, but you have potential for buffer overflows, regex
backtrack/recursion issues and general programming errors when this
moves to C. I guarantee there will be dozens of bugs in the first
version no matter who writes it.
This makes me wonder why all of PHP's core must be in C. Some other
languages have standard libraries with portions written in the same
language, why can't PHP?
(I realise this is slightly off-topic)
--
Andrew Faulds
http://ajf.me/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
