On 30.07.2016 at 17:09, Michael Vostrikov wrote:

> Hello. The RFC 'New operator (short tag) for context-dependent escaping' is
> now in voting phase.
> 
> https://wiki.php.net/rfc/escaping_operator

I just checked out the cde_new branch to verify the behavior of some
potential edge cases, but after building I've got segfaults even for

  sapi/cli/php -n -r ""

That's not a problem per se, as the RFC process doesn't even require an
implementation before voting. :-)  Being able to play around with an
implementation would be unlikely to change my vote anyway.

My *main* issue with this RFC is that I don't consider it to enhance
security.  Forgetting to call the proper escaping function is as easy as
forgetting to use <?* instead of <?= or calling an inappropriate
escape_handler_call().

-- 
Christoph M. Becker

-- 
PHP Internals - PHP Runtime Development Mailing List