On Wed, Jul 31, 2013 at 8:38 AM, Happy Melon <happy.melon.w...@gmail.com> wrote:

> Deliberately using a function which reduces the security of your
> application to relying on everyone choosing the correct type of quotes is
> definitely asking for trouble.
>

I don't see how this is an issue. htmlspecialchars() can cause an XSS
vulnerability if you pass it the wrong ENT_ constant. Should we just stop
using htmlspecialchars() in case developers pass the wrong constant?

-- 
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerro...@gmail.com
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

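The point Tyler makes about htmlspecialchars() and the ENT_ constants, worked through as an added example (this is not code from the thread or from MediaWiki). The function names render_attr() and breaks_out() and the two payloads are constructed for the demonstration; the behaviour of the flags is PHP's own: ENT_NOQUOTES escapes neither quote character, ENT_COMPAT escapes only double quotes, ENT_QUOTES escapes both.

```php
<?php
// Added example: how the ENT_* flag passed to htmlspecialchars() decides whether
// attacker-controlled text can break out of an HTML attribute. Not MediaWiki code.
declare(strict_types=1);

/**
 * Render an attribute whose value is wrapped in $quote and escaped with $flags.
 * This mimics a template that picks one quote style and trusts the escaper.
 */
function render_attr(string $quote, int $flags, string $value): string
{
    return '<input value=' . $quote . htmlspecialchars($value, $flags) . $quote . '>';
}

/**
 * True when the escaped output still contains the raw quote character the
 * surrounding attribute uses, i.e. the value can terminate the attribute.
 */
function breaks_out(string $quote, int $flags, string $value): bool
{
    return strpos(htmlspecialchars($value, $flags), $quote) !== false;
}

// Constructed attacker inputs: close the attribute, then inject an event handler.
$doubleQuotePayload = '" onfocus="alert(1)" autofocus="';
$singleQuotePayload = "' onfocus='alert(1)' autofocus='";

$cases = [
    // [label, quote used by the template, flags passed to htmlspecialchars, payload]
    ['ENT_NOQUOTES, double-quoted attr', '"', ENT_NOQUOTES, $doubleQuotePayload],
    ['ENT_COMPAT,   double-quoted attr', '"', ENT_COMPAT,   $doubleQuotePayload],
    ['ENT_COMPAT,   single-quoted attr', "'", ENT_COMPAT,   $singleQuotePayload],
    ['ENT_QUOTES,   single-quoted attr', "'", ENT_QUOTES,   $singleQuotePayload],
    ['ENT_QUOTES,   double-quoted attr', '"', ENT_QUOTES,   $doubleQuotePayload],
];

// Expected verdicts: VULNERABLE, safe, VULNERABLE, safe, safe.
foreach ($cases as [$label, $quote, $flags, $payload]) {
    $verdict = breaks_out($quote, $flags, $payload) ? 'VULNERABLE' : 'safe';
    printf("%-34s %-10s %s\n", $label, $verdict, render_attr($quote, $flags, $payload));
}
```

Run with `php example.php`. The first and third rows are the cases the thread is arguing about: with ENT_NOQUOTES (or ENT_COMPAT plus a single-quoted attribute) the escaper does its job and the output is still an XSS, because the flag and the template's quote style disagree. ENT_QUOTES is safe in both quoted-attribute contexts, which is why it is the usual choice; note that before PHP 8.1 the default flags were ENT_COMPAT | ENT_HTML401, so omitting the argument entirely left single-quoted attributes exposed. None of these flags help for unquoted attributes, JavaScript, or URL contexts, which need their own escaping.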