Hi all,
If this is going to be implemented as a class, what is the advantage
of instantiation for this? Unless I'm missing it, I would propose that
the functions are made static.
In other words, I would prefer this:
echo Escaper::escapeHtml('<b>test</b>');
over this:
$e = new Escaper;
echo $e->escapeHtml('<b>test</b>');
Regards,
Tomas
> Hi all,
>
> I've written an RFC for PHP over at: https://wiki.php.net/rfc/escaper.
> The RFC is a proposal to implement a standardised means of escaping
> data which is being output into XML/HTML.
>
> Cross-Site Scripting remains one of the most common vulnerabilities in
> web applications and there is a continued lack of understanding
> surrounding how to properly escape data. To try and offset this, I've
> written articles, attempted to raise awareness and wrote the
> Zend\Escaper class for Zend Framework. Symfony 2's Twig has since
> adopted similar measures in line with its own focus on security.
>
> That's all. The RFC should be self-explanatory and feel free to pepper
> me with questions. As the RFC notes, I'm obviously not a C programmer
> so I'm reliant on finding a volunteer who's willing to take this one
> under their wing (or into their basement - whichever works).
>
> https://wiki.php.net/rfc/escaper
>
> Best regards,
> Paddy
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
