Re: [VOTE] Improve HTML escape

From: Ángel González Date: Thu, 20 Feb 2014 20:43:36 +0000

Subject: Re: [VOTE] Improve HTML escape

References: 1 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

On 17/02/14 05:10, Yasuo Ohgaki wrote:
Hi all,

This RFC for improving HTML escape by confirming OWASP recommendation.
PCI DSS suggests to follow their guidelines.

https://wiki.php.net/rfc/secure-html-escape

It makes escape OWASP recommended chars always.
It simplifies coding a little, too.

Thank you for voting!
I see the point to change the default value, but I don't think PHP should ignore the flags requesting a specific behavior.

Thread (9 messages)

Yasuo OhgakiMon, 17 Feb 2014 04:10:25 +0000
Ángel GonzálezThu, 20 Feb 2014 20:43:36 +0000
Yasuo OhgakiThu, 20 Feb 2014 21:57:14 +0000
Yasuo OhgakiThu, 20 Feb 2014 22:09:30 +0000
Lester CaineFri, 21 Feb 2014 12:19:57 +0000
Yasuo OhgakiSun, 23 Feb 2014 05:03:11 +0000
Ferenc KovacsMon, 24 Feb 2014 09:27:56 +0000
Peter CowburnMon, 03 Mar 2014 10:57:40 +0000
Yasuo OhgakiThu, 06 Mar 2014 20:27:05 +0000

« previous	php.internals (#72720)	next »

From:	Ángel González	Date:	Thu, 20 Feb 2014 20:43:36 +0000
Subject:	Re: [VOTE] Improve HTML escape
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message