On 11 May 2006, at 2:28 PM, Dries Buytaert wrote:
Having a central place sounds like a particularly good idea, IMO. I usually don't use contributed module because they are prone to security issues. If all the escaping was (forced to be) done in a central place, it would be ten times easier to audit the code (before installing it). Whether this is feasible in the theme layer, I don't know. I do know, however, that I like the idea.
One of the things about fapi 2.0 , and cck, would be that everything would have a model. IE: every form would have it's fields defined. Same goes for node types, etc. Doing the checking automatically on the model object sounds like the best central place. That would mean that all contrib modules would get save html at all times. -- Adrian Rossouw Drupal developer and Bryght Guy http://drupal.org | http://bryght.com