Edward Z. Yang wrote:
> My proposal is to introduce a new filter (for the filter extension)
> which performs codepoint sanitization appropriate for HTML/XML contexts
> (alternatively, this could be an option on the FILTER_DEFAULT filter,
> which would be for Unicode strings, I assume). This filter would be
> turned ON by default, and users could turn it off using a special
> option. Thus, codepoint sanitization would work invisibly for users who
> don't care, and would be accessible to users who do (i.e. those who
> don't mind mucking around with unpaired surrogates or the like. This [1]
> gives quite a good explanation about what this is all about).

Time to squeak. Are there any comments on this proposal?

-- 
 Edward Z. Yang                        GnuPG: 0x869C48DA
 HTML Purifier <http://htmlpurifier.org> Anti-XSS Filter
 [[ 3FA8 E9A9 7385 B691 A6FC B3CB A933 BE7D 869C 48DA ]]

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
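
What codepoint sanitization for an XML context can look like in userland PHP, as an added example that is not part of the original message or of ext/filter. The function name `sanitize_codepoints` and its `$enabled` switch are hypothetical, the allowed ranges are the XML 1.0 `Char` production, and `mb_scrub()` (PHP 7.2+) is assumed to be available.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not an ext/filter API): keep only codepoints allowed
 * by the XML 1.0 "Char" production:
 *   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
 * $enabled models the proposed "on by default, can be switched off" option.
 */
function sanitize_codepoints(string $input, bool $enabled = true): string
{
    if (!$enabled) {
        return $input; // caller opted out and receives the raw string
    }

    // Step 1: make the string well-formed UTF-8. Ill-formed sequences,
    // including UTF-8-encoded surrogates such as ED A0 80, are replaced by
    // mbstring's substitute character ('?' unless reconfigured). This must
    // happen first: preg_replace() with /u returns null on invalid UTF-8.
    $wellFormed = mb_scrub($input, 'UTF-8');

    // Step 2: drop well-formed codepoints outside the Char production
    // (C0 controls other than TAB/LF/CR, U+FFFE, U+FFFF).
    $clean = preg_replace(
        '/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u',
        '',
        $wellFormed
    );
    if ($clean === null) {
        throw new RuntimeException('PCRE error: ' . preg_last_error_msg());
    }
    return $clean;
}

// Constructed sample inputs, written as raw bytes.
$samples = [
    'NUL and VT controls' => "ok\x00\x0Bline\n",
    'valid two-byte char' => "caf\xC3\xA9",
    'encoded surrogate'   => "a\xED\xA0\x80b",
    'noncharacter U+FFFE' => "x\xEF\xBF\xBEy",
];

foreach ($samples as $label => $raw) {
    printf("%-20s %s -> %s\n", $label, bin2hex($raw), bin2hex(sanitize_codepoints($raw)));
}
```

`preg_last_error_msg()` requires PHP 8.0; on older versions use `preg_last_error()` instead.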
