On 09/18/2012 03:46 PM, Pádraic Brady wrote:
> Bear in mind the RFC, in userland (and likely any PECL ext) implements
> the ESAPI rules. They've been hacked on a lot over the years which is
> why I made sure they were followed exactly. It's very unlikely that a
> browser bug could scupper these unless they allowed in more unencoded
> characters to be taken advantage of. There are benefits to reusing
> pre-peer review rules.

Sure, but you have potential for buffer overflows, regex backtrack/recursion issues and general programming errors when this moves to C. I guarantee there will be dozens of bugs in the first version no matter who writes it.

-Rasmus

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php