On 03.05.2010, at 00:53, Brian Moon wrote:

> I am not sure if this has been discussed or not. I will gladly make an RFC if
> not. I think it would be very intuitive if htmlspecialchars used the ini
> value default_charset as its default. And any function that takes an optional
> character set.

Hi,

I am under the impression that we have to provide an alternative to
htmlspecialchars() that incorporates the following ideas:

- Shorter function name
  html_escape() for example. _h() would be much more preferable in
  terms of preventing XSS ;-p
- Using default_charset as the default encoding

I am not sure if this has been discussed or not. I will gladly make an
RFC if not. I think it would be very intuitive if htmlspecialchars used
the ini value default_charset as its default. And any function that
takes an optional character set.
A) Has this been discussed?
B) If not, do others