Daevid Vincent wrote: > The few extra ms to execute some secure code is well worth it IMHO over > the chance of a XSS or script kiddie causing me hours of grief later. > > So in effect, we're on the same page I think. I think so :) Also it's worth noting that even for expert coders etc., one of the major advantages of PHP is that there are various applications out there that we can all benefit from. Even though we may code our own "Widget" there is no reason not to also run Joomla or phpBB etc. on the same server along side our solidly coded, XSS-safe Widget app. So I too would probably like to see these adopted upstream and enabled by default, with you having to answer a cryptic riddle during configure if you want to disable them ;) Col -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
