11 May 2006, 2:28 p.m.
I think this is a pretty bad idea. This way every themer has a chance to remove our XSS checks.
Sounds fair.
However, we now do *not* have a central place. Quite some of our checks/filters DO appear in theme functions!
Having a central place sounds like a particularly good idea, IMO. I usually don't use contributed modules because they are prone to security issues. If all the escaping was (forced to be) done in a central place, it would be ten times easier to audit the code (before installing it). Whether this is feasible in the theme layer, I don't know. I do know, however, that I like the idea.

-- Dries Buytaert :: http://buytaert.net/