On 20/06/2016 04:22, Михаил Востриков wrote:
> And it can really improve security, not in 90% but in about 99.9999% of
> cases.
I think you are rather overstating how much of a "special edge case" it
is to echo a variable into other contexts like URLs, or JS. It doesn't
need to be anything fancy, just an innocent-looking snippet like this:

    <ul>
    <?php foreach ( $things as $thing ) { ?>
    <li><a href="/things/<?= $thing['name'] ?>" onclick="show_popup('<?= $thing['name'] ?>');"><?= $thing['name'] ?></a>
    <?php } ?>
    </ul>

There are three different escape mechanisms needed there; if there is a
shorthand for one, do you think it will be more likely or less that
people will get the other two right?
Regards,
--
Rowan Collins
[IMSoP]
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
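
The snippet from the message above with each of its three output contexts escaped separately, as an added example that is not part of the original email or of any PHP proposal. The helper names (esc_html, esc_url_segment_attr, esc_js_attr) and the sample $things data are constructed for illustration, and JSON_THROW_ON_ERROR assumes PHP 7.3 or later.

```php
<?php
// Added example: sample data constructed to exercise all three contexts.
$things = [
    ['name' => 'Tom & Jerry'],
    ['name' => "O'Reilly \"books\""],
    ['name' => 'a/b?c=</script>'],
];

// Context 1: HTML text or a quoted HTML attribute value.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Context 2: a single URL path segment placed inside an HTML attribute.
// rawurlencode() stops "/", "?" and "#" from changing the URL structure;
// the result is then escaped for the attribute it sits in.
function esc_url_segment_attr(string $s): string
{
    return esc_html(rawurlencode($s));
}

// Context 3: a JavaScript string literal placed inside an HTML attribute.
// json_encode() emits the complete quoted literal with quotes, "<", ">"
// and "&" as \uXXXX escapes; esc_html() then protects the attribute itself.
function esc_js_attr(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR; // invalid UTF-8 raises instead of printing nothing
    return esc_html(json_encode($s, $flags));
}
?>
<ul>
<?php foreach ($things as $thing) { ?>
    <li><a href="/things/<?= esc_url_segment_attr($thing['name']) ?>"
           onclick="show_popup(<?= esc_js_attr($thing['name']) ?>);"><?= esc_html($thing['name']) ?></a></li>
<?php } ?>
</ul>
```

The onclick argument carries no hand-written quotes because json_encode() supplies them; keeping the original single quotes around it would produce a nested, broken literal.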