[development] more consistency in theme functions and output concepts.

Dries Buytaert dries.buytaert at gmail.com
Thu May 11 12:28:01 UTC 2006

> > I think this is a pretty bad idea. This way every themer has a chance to
> > remove our XSS checks.
> Sounds fair.
> However, we now do *not* have a central place. Quite some of our
> checks/filters DO appear in theme functions!

Having a central place sounds like a particularly good idea, IMO.  I
usually don't use contributed module because they are prone to
security issues.  If all the escaping was (forced to be) done in a
central place, it would be ten times easier to audit the code (before
installing it).  Whether this is feasible in the theme layer, I don't
know.  I do know, however, that I like the idea.

Dries Buytaert :: http://buytaert.net/

More information about the development mailing list