Hi internals,
I'd like to propose a new short tag that echoes with HTML escaping.
XSS is still a significant problem for PHP apps, but it is less common in
apps written with frameworks that provide automatic HTML escaping. However,
many developers are still writing straight PHP without any
On Sun, Oct 21, 2012 at 2:35 PM, Charlie Somerville
char...@charliesomerville.com wrote:
Hi internals,
I'd like to propose a new short tag that echoes with HTML escaping.
XSS is still a significant problem for PHP apps, but it is less common in
apps written with frameworks that provide
How do you propose we customise the escaping of such things, using
htmlentities() or htmlspecialchars()? What about the ENT_QUOTES options, or the
charset to be used (UTF-8)?
htmlspecialchars() with ENT_QUOTES and UTF-8 should be sufficient.
I'm personally not a fan of your new syntax
Hi!
I'd like to propose a new short tag that echoes with HTML escaping.
What is HTML escaping? Different contexts need different escaping. For
outside tags it's one escaping, for a tag attribute it's another, for JS
code context - yet another. Selecting just one use case and integrating
it into
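The context question raised in the thread, as an added example that is not part of any message or of PHP itself: one value written into element text, a quoted attribute and an inline script. The helper names (esc_html, esc_attr, esc_js) and the sample value are hypothetical; the example assumes PHP 7.3 or later for JSON_THROW_ON_ERROR.

```php
<?php
// Added example. Helper names are hypothetical, not a PHP or framework API.

function esc_html(string $s): string {
    // Element text: encode &, <, > and both quote characters.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function esc_attr(string $s): string {
    // Attribute value: the same encoding works, but only when the
    // template always wraps the value in quotes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function esc_js(string $s): string {
    // Inline <script>: emit a complete JSON string literal. The HEX flags
    // turn <, >, &, ' and " into \uXXXX escapes, so the value can neither
    // end the string nor end the script element.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_THROW_ON_ERROR
    );
}

// Constructed sample input: quotes, an ampersand, a tag and a backslash.
$name = "O'Reilly & \"Sons\" </script> C:\\new";

// Context 1: text between tags.
echo '<p>', esc_html($name), "</p>\n";

// Context 2: quoted attribute value.
echo '<input value="', esc_attr($name), "\">\n";

// Context 3: JavaScript string. esc_js() supplies its own quotes.
echo '<script>var name = ', esc_js($name), ";</script>\n";

// Mismatch, for comparison only: HTML escaping inside a script block.
// Script content is not entity-decoded by the browser, so the script
// receives the literal text &#039; and &amp;. Backslashes and line breaks
// are left untouched, so htmlspecialchars() is not a JS string encoder.
echo "<script>var name = '", esc_html($name), "';</script>\n";
```

Running it with the PHP CLI and comparing the last two script lines shows the difference between an encoder chosen for the output context and one applied everywhere.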
Personally I'm hugely *not* a fan of more obscure syntax in PHP.
I agree with this sentiment. I think the traditional simplicity of PHP's
syntax has been one of its greatest traits. I'm not a fan of all of this
type of alternate syntax that has been steadily added.
Bryan
On Sun, Oct 21, 2012 at 1:01 PM, Stas Malyshev smalys...@sugarcrm.com wrote:
Hi!
I'd like to propose a new short tag that echoes with HTML escaping.
What is HTML escaping? Different contexts need different escaping. For
outside tags it's one escaping, for a tag attribute it's another, for JS