On Sunday 20 August 2006 20:25, Derek Wright wrote:
It's way too late in the dev cycle for this, but I'd cast a large vote for a much more coherent way of handling output conversion and sanitizing in the next core API.
In a previous mail, I pointed out this insanity too. I suggested two things:

* either we ONLY sanitize in the theme layer, at the very, very last moment: the moment a string is HTML-ified.
* OR we sanitize it all before passing along to the theme layer, so themes somehow get HTML-ified and clean strings.

And maybe there are other sane places to do the sanitizing.

My preference goes out to the first: it is the most clear, and the most consistent. It also ensures that themes get really raw data, and not some already-prepared HTML-ified data. A theme is about HTML-ifying it. A theme is the only place that really knows how sane it needs the data.

Some people then said that they would never trust their security in the hands of themers, and would rather keep it in the modules. A valid point too.

Dries agreed at that time that a single place to do all our security is badly needed. But after that thread it all dropped silent, because we were promised that fapi2 would take care of this.

I believe we can still *agree* on a single location, and then work towards that with small patches, one place at a time. We don't need huge projects like fapi2. We can do it one-patch-at-a-time too. :)

Bèr 'SpagettiSecurity' Kessels
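To make the trade-off concrete, here is an added illustration (not Drupal code, and not from either poster) of the two placements discussed above and of what goes wrong when modules and themes disagree about who sanitizes. The function names and the sample input are constructed for this example; `htmlspecialchars()` stands in for whatever escaping helper the API would settle on.

```php
<?php
// Constructed, untrusted input as a module might receive it from a user.
$raw_title = '<b>Bold</b> & Co';

// Placement 1: the theme layer is the ONLY place that HTML-ifies.
// Modules hand over raw data; the theme escapes at the last moment.
function theme_title_from_raw(string $title): string {
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h2>';
}

// Placement 2: modules sanitize before the theme layer; the theme
// trusts what it is given and prints it unchanged.
function module_prepare_title(string $title): string {
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}
function theme_title_from_clean(string $safe_title): string {
    return '<h2>' . $safe_title . '</h2>';
}

// Either placement on its own is consistent:
echo theme_title_from_raw($raw_title), "\n";
// <h2>&lt;b&gt;Bold&lt;/b&gt; &amp; Co</h2>
echo theme_title_from_clean(module_prepare_title($raw_title)), "\n";
// <h2>&lt;b&gt;Bold&lt;/b&gt; &amp; Co</h2>

// Mixing them is where the two failure modes live:
// a pre-sanitized string fed to the escaping theme is double-encoded and
// the entities show up literally on the page ...
echo theme_title_from_raw(module_prepare_title($raw_title)), "\n";
// <h2>&amp;lt;b&amp;gt;Bold&amp;lt;/b&amp;gt; &amp;amp; Co</h2>
// ... while a raw string fed to the trusting theme is injected as markup.
echo theme_title_from_clean($raw_title), "\n";
// <h2><b>Bold</b> & Co</h2>
```

Whichever side owns escaping, the last two lines are the cases a single agreed location is meant to rule out: a reviewer can then check every output path against one rule instead of guessing what each module or theme already did.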