Hi,
I am under the impression that we have to provide an alternative to
htmlspecialchars() that incorporates the following ideas:
- Shorter function name
  html_escape() for example. _h() would be much more preferable in
  terms of preventing XSS ;-p
- Using default_charset as the default encoding

On 03.05.2010, at 00:53, Brian Moon wrote:
> I am not sure if this has been discussed or not. I will gladly make an RFC if
> not. I think it would be very intuitive if htmlspecialchars used the ini
> value default_charset as its default. And any function that takes an optional
> character set.