Hi, On 8 Feb 2004, at 21:26, Rasmus Lerdorf wrote:
Perhaps the real answer here is to turn on input filtering by default so
we defeat XSS once and for all across the board.
seems like nobody is interested. I'd like to see some sort of discussion on this. How would an actual implementation would or should look like in PHP 5? What are the benefits (obvious, but still), what are the drawbacks (partly obvious, but still)? Is it PHP's role to provide this kind of XSS prevention built-in or is it sufficient to give the possibility to add it by hand (like now)? What is internals' opinion on this?
Best regards, Jan --
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
