rfc:secure-html-escape

Differences

This shows you the differences between two versions of the page.

rfc:secure-html-escape [2014/02/10 03:01] yohgakirfc:secure-html-escape [2014/03/06 20:23] yohgaki
Line 1: Line 1:
  
 ====== PHP RFC: Improve HTML escape ====== ====== PHP RFC: Improve HTML escape ======
-  * Version: 0.10+  * Version: 1.0
   * Created: 2014-02-03   * Created: 2014-02-03
   * Date: 2014-02-10   * Date: 2014-02-10
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under Discussion+  * Status: Declined
   * First Published at: http://wiki.php.net/rfc/secure-html-escape   * First Published at: http://wiki.php.net/rfc/secure-html-escape
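Review bot: The header metadata is left inconsistent by this hunk. Version moves to 1.0 and Status to Declined, but the unchanged "Date: 2014-02-10" line still carries the older date. Update the Date field, or add a changelog entry, so readers can tell when the status changed.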
  
Line 44: Line 44:
 ===== Proposal ===== ===== Proposal =====
  
-  * Add "/" escape by default for htmlentities()/htmlspecialchars(). i.e. Escape all chars recommended by OWASP by default. (Currently ENT_COMPAT is the default)+Escape all chars OWASP recommends. 
-  * Deprecate ENT_COMPAT/ENT_QUOTES and ignore them.+ 
 +  * Deprecate ENT_COMPAT/ENT_QUOTES and ignore them and add "/" escape.
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
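Review bot: The replacement bullet folds two separate behaviour changes (deprecating and ignoring ENT_COMPAT/ENT_QUOTES, and adding the "/" escape) into one item, and it drops the scope the removed text gave: htmlentities()/htmlspecialchars() are no longer named and the note that ENT_COMPAT is currently the default is gone. Suggest one bullet per change, naming the affected functions, and spelling out which characters "all chars OWASP recommends" covers so the escaping set is unambiguous. "Ignore them" should also say what the resulting quote handling is for callers that still pass these flags.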
Line 62: Line 63:
  
  
-===== Proposed Voting Choices =====+===== Vote =====
  
  
-VOTE: 2014/02/16 - 2014/02/22+VOTE: 2014/02/17 - 2014/02/24
    
 <doodle title="Add / escape and Make ENT_QUOTES default" auth="yohgaki" voteType="single" closed="true"> <doodle title="Add / escape and Make ENT_QUOTES default" auth="yohgaki" voteType="single" closed="true">
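Review bot: The poll title on the unchanged doodle line, "Add / escape and Make ENT_QUOTES default", does not match the Proposal wording in this revision, which says to deprecate ENT_COMPAT/ENT_QUOTES and ignore them. Align the two so the recorded vote is unambiguous about what was voted on. The voting window also shifts from 2014/02/16 - 2014/02/22 to 2014/02/17 - 2014/02/24 with no stated reason; a short note explaining the change would help.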
rfc/secure-html-escape.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1