rfc:secure-html-escape

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
rfc:secure-html-escape [2014/02/10 03:05] yohgakirfc:secure-html-escape [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
  
 ====== PHP RFC: Improve HTML escape ====== ====== PHP RFC: Improve HTML escape ======
-  * Version: 0.10+  * Version: 1.0
   * Created: 2014-02-03   * Created: 2014-02-03
   * Date: 2014-02-10   * Date: 2014-02-10
   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>   * Author: Yasuo Ohgaki <yohgaki@ohgaki.net>
-  * Status: Under Discussion+  * Status: Declined
   * First Published at: http://wiki.php.net/rfc/secure-html-escape   * First Published at: http://wiki.php.net/rfc/secure-html-escape
  
Line 46: Line 46:
 Escape all chars OWASP recommends. Escape all chars OWASP recommends.
  
-  * Deprecate ENT_COMPAT/ENT_QUOTES and ignore them+  * Deprecate ENT_COMPAT/ENT_QUOTES and ignore them and add "/" escape.
-  * Add "/" escape by default for htmlentities()/htmlspecialchars(). i.e. Escape all chars recommended by OWASP by default. (Currently ENT_COMPAT is the default).+
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
Line 64: Line 63:
  
  
-===== Proposed Voting Choices =====+===== Vote =====
  
  
-VOTE: 2014/02/16 - 2014/02/22+VOTE: 2014/02/17 - 2014/02/24
    
 <doodle title="Add / escape and Make ENT_QUOTES default" auth="yohgaki" voteType="single" closed="true"> <doodle title="Add / escape and Make ENT_QUOTES default" auth="yohgaki" voteType="single" closed="true">
rfc/secure-html-escape.1392001534.txt.gz · Last modified: 2017/09/22 13:28 (external edit)

Page Tools