rfc:escaper

Differences

This shows you the differences between two versions of the page.

rfc:escaper [2013/09/27 04:15] – Merge Change Log yohgaki
rfc:escaper [2018/06/18 10:11] (current) – This RFC appears to be inactive cmb
Line 3: Line 3:
   * Date: 2012-09-18   * Date: 2012-09-18
   * Author: Pádraic Brady <padraic.brady.at.gmail.com>, Yasuo Ohgaki <yohgaki@php.net>   * Author: Pádraic Brady <padraic.brady.at.gmail.com>, Yasuo Ohgaki <yohgaki@php.net>
-  * Status: Under Discussion+  * Status: Inactive
   * First Published at: http://wiki.php.net/rfc/escaper   * First Published at: http://wiki.php.net/rfc/escaper
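
Review bot: The Status line now reads Inactive, but nothing in the header shown here records when or why the status changed; the only explanation is the edit summary ("This RFC appears to be inactive"). Consider noting the date and reason on the page itself, next to the Status line, so readers of the RFC do not have to consult the revision history.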
  
Line 103: Line 103:
  
 ===== Implementation Notes ===== ===== Implementation Notes =====
 +
 +IMPORTANT: Since proper escape requires proper character encoding handling, multibyte string feature in core is mandatory for implementation.
  
 I am strongly opposed to allowing these functions accept unpredictable character encoding directives via php.ini. That would require additional work to validate which is precisely what this RFC should seek to avoid. By validation, I mean having programmers determine how dependencies implement escaping, what encoding they enforce (usually the default), and then determining if it can be changed by the depending applications or if the library must be forked, re-edited, etc. Those who are concious of security will review dependencies for such issues rather than blindly trust dependencies. I am strongly opposed to allowing these functions accept unpredictable character encoding directives via php.ini. That would require additional work to validate which is precisely what this RFC should seek to avoid. By validation, I mean having programmers determine how dependencies implement escaping, what encoding they enforce (usually the default), and then determining if it can be changed by the depending applications or if the library must be forked, re-edited, etc. Those who are concious of security will review dependencies for such issues rather than blindly trust dependencies.
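
Review bot: The added IMPORTANT line under Implementation Notes says the "multibyte string feature in core is mandatory" without saying which multibyte functionality the escaper functions depend on or how the character encoding is supposed to reach them. Because the paragraph that follows opposes taking encoding directives from php.ini, this line should say where the encoding does come from, so the two statements read as one requirement. Wording: "proper escape" reads better as "proper escaping", and the lone "+" line above it only adds an empty line.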
rfc/escaper.1380255301.txt.gz · Last modified: 2017/09/22 13:28 (external edit)