2016-07-31 1:49 GMT+05:00 Reinis Rozitis <r...@roze.lv>:

> From: Michael Vostrikov
>>
>> The problem is that these functions should be called everywhere manually,
>> and there is no error when these functions are not called.
>> And this RFC proposes a solution - call a function automatically.
>>
>
> Though you can use pecl/taint for that.
> If anything imo it would make more sense to propose/vote for such
> functionality to be included in core.
>
How can I use it for that?

<?php
$user['description'] = 'Some data from DB with <script>alert("XSS");</script>';
?>
<?= $user['description'] ?>

The code does not produce any error messages. This extension works only for
variables from GET, POST, COOKIE; this is not escaping of output data.
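
The gap discussed in this message, as an added example that is not part of the original e-mail, the RFC, or pecl/taint: a value loaded from storage never passes through GET, POST or COOKIE, so the only reliable control is escaping at output, and a wrapper that escapes on every read removes the call that can be forgotten. The `Escaped` class and its `raw()` method are hypothetical names, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical userland wrapper (not the RFC's mechanism): every value read
// through it is HTML-escaped unless the template explicitly asks for raw data.
final class Escaped implements ArrayAccess
{
    public function __construct(private array $data) {}

    public function offsetExists(mixed $key): bool
    {
        return isset($this->data[$key]);
    }

    public function offsetGet(mixed $key): mixed
    {
        $value = $this->data[$key];
        if (is_array($value)) {
            return new self($value); // nested rows stay wrapped
        }
        // Safe for HTML text and quoted attribute values only; script and
        // URL contexts need their own encoders.
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Read-only: templates must not be able to swap in unescaped values.
    public function offsetSet(mixed $key, mixed $value): void
    {
        throw new LogicException('Escaped is read-only');
    }

    public function offsetUnset(mixed $key): void
    {
        throw new LogicException('Escaped is read-only');
    }

    // Explicit opt-out that is easy to find in code review.
    public function raw(string $key): string
    {
        return (string) $this->data[$key];
    }
}

// Constructed sample row standing in for data loaded from the database.
$row = ['description' => 'Some data from DB with <script>alert("XSS");</script>'];

// Manual escaping: correct, but only as long as nobody forgets the call.
echo htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8'), "\n";

// Wrapped once before rendering: a plain read in the template is escaped.
$user = new Escaped($row);
echo $user['description'], "\n";
```

Both `echo` lines emit the markup with `<`, `>` and `"` encoded as entities, so the browser renders the stored value as text.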