Hi, I am under the impression that we have to provide an alternative to htmlspecialchars() that incorporates the following ideas:
- Shorter function name html_escape() for example. _h() would be much more preferable in terms of preventing XSS ;-p
- Using default_charset as the default encoding for it.
- ENT_QUOTES as default.

Regards,
Moriyoshi

On Mon, May 3, 2010 at 7:53 AM, Brian Moon <br...@moonspot.net> wrote:
> I am not sure if this has been discussed or not. I will gladly make an RFC
> if not. I think it would be very intuitive if htmlspecialchars used the ini
> value default_charset as its default. And any function that takes an
> optional character set.
>
> A) Has this been discussed?
> B) If not, do others think it is worthy of a proper RFC?
>
> There would be some BC breakage for sure as the default behavior would be
> changing.
>
> --
>
> Brian.
> --------
> brianlm...@php.net
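Added example, not part of the original thread or of PHP itself: a sketch of the wrapper the reply describes, showing what the ENT_QUOTES default and the default_charset fallback change in practice. The name html_escape() comes from the reply; its signature, the sample inputs and the 'UTF-8' fallback are assumptions made for this example (PHP 7.1 or later).

```php
<?php
// Hypothetical helper: html_escape() is the name floated in the thread,
// not a PHP built-in. Signature and fallback are assumptions.
function html_escape(string $value, ?string $charset = null): string
{
    // Use the default_charset ini value when the caller passes no charset.
    $charset = $charset ?? (ini_get('default_charset') ?: 'UTF-8');
    // ENT_QUOTES encodes both " and ', so the result is safe in element
    // text and in double- or single-quoted attribute values.
    return htmlspecialchars($value, ENT_QUOTES, $charset);
}

// Constructed input that tries to close a single-quoted attribute.
$input = "x' data-injected='1";

// ENT_COMPAT leaves ' as-is, so the value escapes its attribute.
$compat = htmlspecialchars($input, ENT_COMPAT, 'UTF-8');
// With ENT_QUOTES the quote is encoded and the value stays inside it.
$quoted = html_escape($input, 'UTF-8');

echo "<input value='{$compat}'>\n";
echo "<input value='{$quoted}'>\n";

// Charset mismatch: constructed ISO-8859-1 bytes ("caf" + 0xE9) are not
// valid UTF-8. Without ENT_SUBSTITUTE or ENT_IGNORE, htmlspecialchars()
// returns an empty string for input that is invalid in the given charset,
// which is why the charset default matters to callers.
$latin1 = "caf\xE9";
var_dump(html_escape($latin1, 'UTF-8'));
var_dump(html_escape($latin1, 'ISO-8859-1') === $latin1);
```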