Re: [RFC] Improve HTML escape

Date: Mon, 03 Feb 2014 22:21:08 +0000
Subject: Re: [RFC] Improve HTML escape
Groups: php.internals
Hi!

> Use of this option is not recommended, but there is the standard. We may
> support it even if we don't recommend it.

Nowhere in any standard does it say we must use htmlentities to support
every possible context. There are contexts where htmlentities is
completely unsuitable - such as unquoted attributes, JavaScript, CSS,
etc. In these contexts, other ways of escaping output should be used.

I get the impression you're trying to fit a square peg into a round hole
here. There are other ways to escape things and they should match the
context the output is used in. Trying to serve every scenario with one
function would not work.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227
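
Added example, not part of the original message: the three contexts named above (unquoted attribute, JavaScript, CSS), each with a constructed input that entity encoding returns unchanged, next to an encoder matched to that context. The helper names esc_html, esc_js and esc_css are hypothetical, not PHP built-ins or anything proposed in the RFC.

```php
<?php
// Added illustration. Helper names are hypothetical; sample inputs are constructed.

// HTML body text and QUOTED attribute values: entity-encode & < > " '
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Value placed inside a <script> block: emit a JSON literal with < > & ' "
// hex-escaped, so backslashes and newlines are handled and no markup appears.
function esc_js($value): string {
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);   // JSON_THROW_ON_ERROR: PHP 7.3+
}

// CSS value: backslash-hex escape every ASCII byte that is not alphanumeric.
// The trailing space ends the escape; bytes >= 0x80 (UTF-8) pass through.
function esc_css(string $s): string {
    return preg_replace_callback('/[^A-Za-z0-9\x80-\xFF]/', function ($m) {
        return sprintf('\\%X ', ord($m[0]));
    }, $s);
}

// None of these inputs contains & < > " or ', yet each one carries
// characters that are significant in its own context.
$samples = [
    'unquoted attribute' => 'x onmouseover=track()',      // space and '='
    'JS string literal'  => "line1\nline2\\",             // newline, backslash
    'CSS value'          => 'red;background:url(//example.test/x)', // ; : ( )
];

foreach ($samples as $context => $input) {
    $same = htmlspecialchars($input, ENT_QUOTES, 'UTF-8') === $input;
    printf("%-18s unchanged by htmlspecialchars: %s\n",
        $context, $same ? 'yes' : 'no');
}

// Context-matched output. For attributes the fix is to quote the attribute,
// after which entity encoding is the right tool again.
echo '<input value="' . esc_html($samples['unquoted attribute']) . '">', "\n";
echo '<script>var s = ' . esc_js($samples['JS string literal']) . ';</script>', "\n";
echo '<p style="color: ' . esc_css($samples['CSS value']) . '">', "\n";
```

All three inputs report "yes" in the first loop, which is why a single entity-encoding function cannot cover these contexts.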

