Creating an e() function can be a BC break if people already have an e() function in their code. The name e is ambiguous to me: is it escape, error, encrypt?
You are free to provide a better rfc, but having e() being optional will also make security optional.

Regards
Thomas

Rowan Collins wrote on 28.07.2016 10:29:
> On 27 July 2016 23:45:10 GMT+01:00, Thomas Bley <ma...@thomasbley.de> wrote:
>>> In many ways, defining a built-in function e($string, $context) would
>>> fulfil most of the above.
>>
>> If things are so easy, why does so much code exist with XSS problems?
>
> Firstly, because there is no such built in function. I don't mean "telling
> everyone to implement one", I mean it existing in every copy of PHP.
>
> But secondly, because people are lazy, or misunderstand, or make mistakes when
> they're in a hurry. Your RFC isn't going to magically fix all those things.
>
> It's possible to agree that something's a problem without agreeing the
> solution. You seem to be implying in a couple of mails that anyone who doesn't
> support your ideas is anti-security, which is patently not true.
>
> Regards,
>
> --
> Rowan Collins
> [IMSoP]
>

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php