Hi,

2012/4/10 Tom Boutell <t...@punkave.com>:
> I agree that the security argument is bogus, but it was never one of
> my reasons for this proposal.

The risk is there, and it is hard to get rid of. The risk will not go away by calling it bogus. If programmers/administrators could disable embed mode, then systems would be protected from vulnerable code.

If you insist, please show us how to protect against $_SESSION script injection. Please do not tell me that programmers should learn not to, since that is not protection but education.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php