Hi all,

I've written an RFC for PHP over at: https://wiki.php.net/rfc/escaper. The RFC is a proposal to implement a standardised means of escaping data which is being output into XML/HTML.

Cross-Site Scripting remains one of the most common vulnerabilities in web applications and there is a continued lack of understanding surrounding how to properly escape data. To try and offset this, I've written articles, attempted to raise awareness and wrote the Zend\Escaper class for Zend Framework. Symfony 2's Twig has since adopted similar measures in line with its own focus on security.

That's all. The RFC should be self-explanatory and feel free to pepper me with questions. As the RFC notes, I'm obviously not a C programmer so I'm reliant on finding a volunteer who's willing to take this one under their wing (or into their basement - whichever works).

https://wiki.php.net/rfc/escaper

Best regards,
Paddy

--
Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
Zend Framework Community Review Team

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
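The context-dependence the post alludes to (escaping that is correct for HTML body text is not automatically correct for an attribute value) is shown in the following added example; it is illustrative code written for this page, not the RFC's proposal or the Zend\Escaper implementation, and the class name `ContextEscaper`, the payload and the assumption of UTF-8 output are all constructed here.

```php
<?php
declare(strict_types=1);

// Added illustration of context-aware escaping (not the RFC's or Zend\Escaper's code).
// Assumption: all output is UTF-8.
final class ContextEscaper
{
    /** Escape for HTML body text (between tags). */
    public function escapeHtml(string $value): string
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Escape for an HTML attribute value. Every character outside a small
     * safe set is encoded as a numeric entity, so the result stays inside the
     * attribute even if the template forgot to quote it (title=<?= ... ?>).
     * Invalid UTF-8 makes preg_replace_callback() return null; we emit nothing
     * rather than pass the bytes through.
     */
    public function escapeHtmlAttr(string $value): string
    {
        return preg_replace_callback(
            '/[^a-zA-Z0-9,._-]/u',
            static function (array $m): string {
                return sprintf('&#x%02X;', mb_ord($m[0], 'UTF-8'));
            },
            $value
        ) ?? '';
    }
}

$esc = new ContextEscaper();
// Constructed test value: a space followed by an event-handler attribute.
// htmlspecialchars() leaves it untouched because it contains none of < > & " '.
$input = 'x onmouseover=alert(1)';

// Body context: body escaping is the right tool; the text is rendered literally.
echo '<p>' . $esc->escapeHtml($input) . "</p>\n";

// Unquoted attribute with body-context escaping: the unencoded space ends the
// title value and the browser parses onmouseover as a second attribute.
echo '<div title=' . $esc->escapeHtml($input) . ">demo</div>\n";

// Same attribute with attribute-context escaping: the space becomes &#x20; and
// "=" and "(" are encoded too, so the whole string remains the title value.
echo '<div title=' . $esc->escapeHtmlAttr($input) . ">demo</div>\n";
```

Quoting every attribute in templates removes the unquoted case, but context-specific escaping keeps the output safe even when a template author slips.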