On Wed, Jul 31, 2013 at 8:38 AM, Happy Melon <[email protected]> wrote:
> Deliberately using a function which reduces the security of your
> application to relying on everyone choosing the correct type of quotes is
> definitely asking for trouble.

I don't see how this is an issue. htmlspecialchars() can cause an XSS
vulnerability if you pass it the wrong ENT_ constant. Should we just stop
using htmlspecialchars() in case developers pass the wrong constant?

--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | [email protected]
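The flag dependence mentioned in the message above, as an added example that is not part of the original thread: the same value is escaped with three ENT_ constants and placed in a single-quoted attribute, then parsed to see which attributes result. The helper names `render_title` and `attribute_names` and the sample input are assumptions made for illustration; the DOM extension is assumed to be available.

```php
<?php
// Constructed sample input (not from the thread): it contains the same quote
// character that delimits the attribute in render_title() below.
$input = "x' data-injected='1";

// Hypothetical helper: escape $value with the given flags and place it in a
// single-quoted title attribute.
function render_title(string $value, int $flags): string
{
    return "<span title='" . htmlspecialchars($value, $flags, 'UTF-8') . "'>label</span>";
}

// Hypothetical helper: parse the markup and list the attribute names that
// actually end up on the <span>, i.e. what an HTML parser makes of the output.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $span = $doc->getElementsByTagName('span')->item(0);
    $names = [];
    foreach ($span->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$cases = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // escapes neither ' nor "
    'ENT_COMPAT'   => ENT_COMPAT,   // escapes " only (the default before PHP 8.1)
    'ENT_QUOTES'   => ENT_QUOTES,   // escapes both ' and "
];

foreach ($cases as $name => $flags) {
    $html = render_title($input, $flags);
    printf("%-12s %s\n  attributes: %s\n", $name, $html, implode(', ', attribute_names($html)));
}
```

Only ENT_QUOTES keeps the value inside `title`; with the other two constants the unescaped single quote closes the attribute and the rest of the input is parsed as a second attribute.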
