[development] more consistency in theme functions and output
dries.buytaert at gmail.com
Thu May 11 12:28:01 UTC 2006
> > I think this is a pretty bad idea. This way every themer has a chance to
> > remove our XSS checks.
> Sounds fair.
> However, we now do *not* have a central place. Quite some of our
> checks/filters DO appear in theme functions!
Having a central place sounds like a particularly good idea, IMO. I
usually don't use contributed module because they are prone to
security issues. If all the escaping was (forced to be) done in a
central place, it would be ten times easier to audit the code (before
installing it). Whether this is feasible in the theme layer, I don't
know. I do know, however, that I like the idea.
Dries Buytaert :: http://buytaert.net/
More information about the development