2012/9/19 Tomas Creemers <tomas.creem...@gmail.com>
> Hi all,
>
> If this is going to be implemented as a class, what is the advantage
> of instantiation for this? Unless I'm missing it, I would propose that
> the functions are made static.
>
> In other words, I would prefer this:
>
> echo Escaper::escapeHtml('<b>test</b>');
>
> over this:
>
> $e = new Escaper;
> echo $e->escapeHtml('<b>test</b>');
>
> Regards,
>
> Tomas

Hi,

I guess the reason is the same as the one why you should just avoid static methods at all. But only one example: Try to extend the class and then _always_ use the extended one ;)

Regards,
Sebastian

> > Hi all,
> >
> > I've written an RFC for PHP over at: https://wiki.php.net/rfc/escaper.
> > The RFC is a proposal to implement a standardised means of escaping
> > data which is being output into XML/HTML.
> >
> > Cross-Site Scripting remains one of the most common vulnerabilities in
> > web applications and there is a continued lack of understanding
> > surrounding how to properly escape data. To try and offset this, I've
> > written articles, attempted to raise awareness and written the
> > Zend\Escaper class for Zend Framework. Symfony 2's Twig has since
> > adopted similar measures in line with its own focus on security.
> >
> > That's all. The RFC should be self-explanatory and feel free to pepper
> > me with questions. As the RFC notes, I'm obviously not a C programmer
> > so I'm reliant on finding a volunteer who's willing to take this one
> > under their wing (or into their basement - whichever works).
> >
> > https://wiki.php.net/rfc/escaper
> >
> > Best regards,
> > Paddy

--
github.com/KingCrunch