On Wed, Jul 31, 2013 at 10:24 AM, Happy Melon <happy.melon.w...@gmail.com>wrote:
> Yes, IMO, it should be abstracted away with a carefully-written wrapper > function that bridges the semantic gap between "I want to do some character > conversions" and "I want to make this text safe to echo to the browser", > but that's just the point. Of course there are plenty of language features > you can point to that open up pitfalls; each one having its own severity > and ease-of-discovery. htmlspecialchars() has a medium severity and very > easy discovery, and it's a problem that's easy to eliminate by abstracting > the call to ensure it's always given the proper arguments. My example was > to disprove your point that assert() with string arguments is not as bad as > eval(); it is, for exactly the same reasons. Of course it's possible to > use eval() safely, just like any other construct, but general consensus is > that eval()'s security holes are severe enough and difficult-to-spot enough > to warrant strongly discouraging its use, and there is no reason not to > treat assert()-with-string-args the same way. > Then I guess I just have more faith in our code review. Nonetheless, assert() provides an important functionality in being able to allow code checks that do not incur a performance penalty in a production environment. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
