
Pádraic Brady:
PHP Escaper RFC Consistent Escaping Functionality For Killing XSS
September 19, 2012 @ 13:02:59

There's been a lot of chatter about a recent RFC from Pádraic Brady on the php.internals mailing list - his proposal to add native escaping to the PHP core. He shares some of his own thoughts about the proposal in a new post to his site.

A short time ago today, I submitted a PHP RFC for discussion which proposes adding an SPL Escaper class and, quite possibly, a related set of functions dedicated to escaping data for output to HTML/XML to PHP: https://wiki.php.net/rfc/escaper. The RFC itself should be a good read if you want to understand why I'm proposing this but the basics are quite simple. Cross-Site Scripting (XSS) is one of the two most common security vulnerabilities in web applications - the other being SQL Injection. Despite this, PHP's offering of escaping functions is extremely limited.

He talks about what problems the proposed solution solves and how it could help protect PHP programmers more effectively than the more complicated methods they have to go through now. If you're interested in reading the conversations so far, you can start here and walk through the messages.
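To make the proposal's point concrete, here is an added example (not the RFC's code and not Brady's): a minimal context-aware escaper in the spirit of the proposed SPL Escaper. The class and method names (Escaper, escapeHtml, escapeHtmlAttr, escapeJs, escapeUrl) are assumptions, and the untrusted input is constructed. It shows why a single htmlspecialchars() call is not enough: the same string needs a different encoding depending on whether it lands in HTML body text, an attribute value, a JavaScript string literal or a URL query parameter. Requires PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Added example, not the RFC's implementation: a small context-aware escaper.
// Class and method names are assumptions chosen for illustration.
final class Escaper
{
    public function __construct(private string $encoding = 'UTF-8') {}

    /** HTML body context: entity-encode & < > " and '. */
    public function escapeHtml(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, $this->encoding);
    }

    /** HTML attribute context: every char outside [A-Za-z0-9,._-] becomes a numeric entity,
     *  so the value is safe even in an unquoted or oddly quoted attribute. */
    public function escapeHtmlAttr(string $s): string
    {
        $s = $this->toUtf8($s);
        return preg_replace_callback('/[^A-Za-z0-9,._-]/u', static function (array $m): string {
            return sprintf('&#x%02X;', mb_ord($m[0], 'UTF-8'));
        }, $s);
    }

    /** JavaScript string-literal context: \xHH for ASCII, \uHHHH otherwise
     *  (surrogate pairs for code points above the BMP). */
    public function escapeJs(string $s): string
    {
        $s = $this->toUtf8($s);
        return preg_replace_callback('/[^A-Za-z0-9,._]/u', static function (array $m): string {
            $cp = mb_ord($m[0], 'UTF-8');
            if ($cp < 0x80) {
                return sprintf('\\x%02X', $cp);
            }
            if ($cp <= 0xFFFF) {
                return sprintf('\\u%04X', $cp);
            }
            $cp -= 0x10000;
            return sprintf('\\u%04X\\u%04X', 0xD800 | ($cp >> 10), 0xDC00 | ($cp & 0x3FF));
        }, $s);
    }

    /** URL query-component context (percent-encoding per RFC 3986). */
    public function escapeUrl(string $s): string
    {
        return rawurlencode($s);
    }

    /** Reject invalid byte sequences instead of silently passing them through. */
    private function toUtf8(string $s): string
    {
        if (!mb_check_encoding($s, $this->encoding)) {
            throw new InvalidArgumentException('Invalid byte sequence for ' . $this->encoding);
        }
        return mb_convert_encoding($s, 'UTF-8', $this->encoding);
    }
}

// Constructed untrusted input for the demonstration.
$untrusted = "O'Reilly <b>\"bold\"</b> & café";
$e = new Escaper();

// One value, four contexts, four different encodings.
printf("<p>%s</p>\n", $e->escapeHtml($untrusted));
printf("<input value=\"%s\">\n", $e->escapeHtmlAttr($untrusted));
printf("<script>var name = '%s';</script>\n", $e->escapeJs($untrusted));
printf("<a href=\"/search?q=%s\">search</a>\n", $e->escapeUrl($untrusted));

// For comparison: htmlspecialchars() with ENT_COMPAT (the default before PHP 8.1)
// leaves the single quote untouched, which is exactly the kind of gap the RFC targets.
echo htmlspecialchars($untrusted, ENT_COMPAT, 'UTF-8'), "\n";
```

Run it with `php escaper.php` and compare the four rendered lines: the body output keeps the text readable with five named entities, the attribute output encodes every space and punctuation mark as a numeric entity, the JavaScript output uses `\x`/`\u` sequences that are only meaningful inside a string literal, and the URL output is percent-encoded. The last line shows the apostrophe surviving the pre-8.1 default flags, which is why an escaper that picks the flags and the context for the caller is safer than leaving each developer to remember them.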


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework