7 Mar 2006, 8:23 p.m.
On 3/7/06, Adrian Rossouw <adrian@bryght.com> wrote:
On 07 Mar 2006, at 8:51 PM, Dries Buytaert wrote:
Also, we /suffer/ from pitfalls; most of these frameworks take care of everything security (input validation, XSS injection), whereas with Drupal, thou shalt not forget check_plain() and friends.
How could we fix that?
There were two discussions on the security lists last December. One is titled "Sanitizing input/output", the other was titled "a sum on general filtering". Both discussed the possibility of using ob_start() and passing it a filter callback so that everything gets filtered, and the pros and cons of that approach. Karoly and Steven were the main ones who discussed it.
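As an added illustration of the two mechanisms the thread contrasts (this is not code from the thread or from Drupal core): a per-call check_plain() that a developer can forget, beside an ob_start() filter callback that escapes the whole output buffer. The check_plain() here is a stand-in with the same intent as Drupal's helper, and the naive whole-buffer callback is an assumption chosen to make one trade-off of the buffer approach visible.

```php
<?php
// Stand-in for Drupal's helper: escape a plain-text string for safe
// embedding in HTML. Not Drupal's own implementation.
function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed untrusted input, e.g. a node title submitted by a user.
$title = '<script>alert(1)</script>';

// 1. Per-output-point escaping: correct only if the developer remembers it.
function render_title_safe($title) {
    return '<h2>' . check_plain($title) . '</h2>';
}
function render_title_forgotten($title) {
    return '<h2>' . $title . '</h2>';   // the pitfall: check_plain() omitted
}

// 2. The whole-page approach discussed on the lists: an output-buffer
// callback that runs over everything echoed before it reaches the client.
// Assumed naive callback: escape the entire buffer.
function ob_escape_callback($buffer) {
    return htmlspecialchars($buffer, ENT_QUOTES, 'UTF-8');
}

ob_start('ob_escape_callback');
echo render_title_forgotten($title);
$filtered = ob_get_clean();

// The injected script is neutralised even though check_plain() was forgotten,
// but so is the <h2> the theme intentionally emitted: a buffer-level filter
// sees one string and cannot tell trusted markup from untrusted data, so a
// real implementation needs some way to mark or track which parts are safe.
echo "Per-call escaping:   ", render_title_safe($title), "\n";
echo "Buffer-level filter: ", $filtered, "\n";
echo "Script removed: ", var_export(strpos($filtered, '<script>') === false, true), "\n";
echo "Heading lost:   ", var_export(strpos($filtered, '<h2>') === false, true), "\n";
```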