creating an e() function can be a BC break if people already have an e() 
function in their code.
The name e is ambiguous to me, is it escape, error, encrypt?

You are free to provide a better rfc, but having e() being optional will also 
make security optional.

Regards
Thomas

Rowan Collins wrote on 28.07.2016 10:29:

> On 27 July 2016 23:45:10 GMT+01:00, Thomas Bley <ma...@thomasbley.de> wrote:
>>> In many ways, defining a built-in function e($string, $context) would
>>
>>> fulfil most of the above.
>>
>>If things are so easy, why does so much code exist with XSS problems?
> 
> Firstly, because there is no such built in function. I don't mean "telling
> everyone to implement one", I mean it existing in every copy of PHP.
> 
> But secondly, because people are lazy, or misunderstand, or make mistakes when
> they're in a hurry. Your RFC isn't going to magically fix all those things.
> 
> It's possible to agree that something's a problem without agreeing the
> solution. You seem to be implying in a couple of mails that anyone who doesn't
> support your ideas is anti-security, which is patently not true.
> 
> Regards,
> 
> -- 
> Rowan Collins
> [IMSoP]
> 


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to