rfc:secure-html-escape

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:secure-html-escape [2014/02/10 03:05] yohgakirfc:secure-html-escape [2014/03/06 20:23] yohgaki
Line 1: Line 1:
  
 ====== PHP RFC: Improve HTML escape ====== ====== PHP RFC: Improve HTML escape ======
-  * Version: 0.10+  * Version: 1.0
   * Created: 2014-02-03   * Created: 2014-02-03
   * Date: 2014-02-10   * Date: 2014-02-10
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under Discussion+  * Status: Declined
   * First Published at: http://wiki.php.net/rfc/secure-html-escape   * First Published at: http://wiki.php.net/rfc/secure-html-escape
  
Line 46: Line 46:
 Escape all chars OWASP recommends. Escape all chars OWASP recommends.
  
-  * Deprecate ENT_COMPAT/ENT_QUOTES and ignore them+  * Deprecate ENT_COMPAT/ENT_QUOTES and ignore them and add "/" escape.
-  * Add "/" escape by default for htmlentities()/htmlspecialchars(). i.e. Escape all chars recommended by OWASP by default. (Currently ENT_COMPAT is the default).+
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
Line 64: Line 63:
  
  
-===== Proposed Voting Choices =====+===== Vote =====
  
  
-VOTE: 2014/02/16 - 2014/02/22+VOTE: 2014/02/17 - 2014/02/24
    
 <doodle title="Add / escape and Make ENT_QUOTES default" auth="yohgaki" voteType="single" closed="true"> <doodle title="Add / escape and Make ENT_QUOTES default" auth="yohgaki" voteType="single" closed="true">
rfc/secure-html-escape.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools