On Wed, Jul 31, 2013 at 8:38 AM, Happy Melon <happy.melon.wiki(a)gmail.com> wrote:
> Deliberately using a function which reduces the security of your
> application to relying on everyone choosing the correct type of quotes is
> definitely asking for trouble.
I don't see how this is an issue. htmlspecialchars() can cause an XSS
vulnerability if you pass it the wrong ENT_ constant. Should we just stop
using htmlspecialchars() in case developers pass the wrong constant?
--
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
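
The htmlspecialchars() behaviour referred to in the message above, as an added example that is not part of the original email or of MediaWiki's code: the same value is rendered into a single-quoted attribute under three ENT_ flags, and PHP's DOM parser reports which attributes result. The helper names `renderAttr` and `attributeNames` and the sample value are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All names and the sample
// input below are constructed for illustration.
declare(strict_types=1);

/** Render $value into a single-quoted attribute using the given ENT_ flags. */
function renderAttr(string $value, int $flags): string
{
    return "<input value='" . htmlspecialchars($value, $flags, 'UTF-8') . "'>";
}

/** Parse the markup and list the attribute names the <input> ends up with. */
function attributeNames(string $html): array
{
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $names = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    if ($input !== null) {
        foreach ($input->attributes as $attr) {
            $names[] = $attr->name;
        }
    }
    return $names;
}

// Constructed input: an attribute value that contains a single quote.
$value = "x' data-injected='1";

$cases = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // escapes neither " nor '
    'ENT_COMPAT'   => ENT_COMPAT,   // escapes " only; ' passes through
    'ENT_QUOTES'   => ENT_QUOTES,   // escapes both " and '
];

foreach ($cases as $label => $flags) {
    $html = renderAttr($value, $flags);
    // Any attribute other than "value" means the quote closed the attribute early.
    printf("%-12s %s\n             attributes: %s\n",
        $label, $html, implode(', ', attributeNames($html)));
}
```

ENT_COMPAT was the default flag set when this thread was written; PHP 8.1 changed the default to include ENT_QUOTES.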