On 27 July 2016 23:45:10 GMT+01:00, Thomas Bley <ma...@thomasbley.de> wrote: >> In many ways, defining a built-in function e($string, $context) would > >> fulfil most of the above. > >If things are so easy, why does so much code exist with XSS problems?
Firstly, because there is no such built in function. I don't mean "telling everyone to implement one", I mean it existing in every copy of PHP. But secondly, because people are lazy, or misunderstand, or make mistakes when they're in a hurry. Your RFC isn't going to magically fix all those things. It's possible to agree that something's a problem without agreeing the solution. You seem to be implying in a couple of mails that anyone who doesn't support your ideas is anti-security, which is patently not true. Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php