Thread: XML_Feed_Parser and HTML security




XML_Feed_Parser and HTML security
user name
2006-08-17 01:31:15
Actually having a sample Safe class in the docs would be the same thing as
telling the user to use HTML_Safe, most wouldn't and would complain anyhow.

I do not agree on putting a small class aside that would extend,
although what we could do is a flag in the package.xml that states that
this package's output should be escaped:
<installMSG>Output Should be escaped using HTML_Safe</installMSG>

Then when installing:
rootserependity:/home/david# pear install PEAR_Package-alpha
downloading PEAR_Package-0.0.1.tgz ...
Starting to download PEAR_Package-0.0.1.tgz (8,358 bytes)
.....done: 8,358 bytes
Info: Output should be escaped using HTML_Safe
install ok: channel://pear.php.net/PEAR_Package-0.0.1


But yes, that would involve adding some stuff to the pear installer, and
more xml parsing, maybe it's a little too much overhead but for long term I
believe that this could be a cool way of doing stuff. Even a tag
<safeHTML/> that would output the message automatically.

So the Info message and the docs should give the users an idea that this
is important .. I guess they would understand but again.. I am not
everyone

-- 
PEAR Development Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

XML_Feed_Parser and HTML security
user name
2006-08-17 02:58:39
What you're proposing is best handled in documentation.  The
installation messages are already cluttered enough, no one will read
them at all if we keep adding stuff.

Greg

David Coallier wrote:
> Actually having a sample Safe class in the docs would be the same thing as
> telling the user to use HTML_Safe, most wouldn't and would complain anyhow.
>
> I do not agree on putting a small class aside that would extend,
> although what we could do is a flag in the package.xml that states that
> this package's output should be escaped:
> <installMSG>Output Should be escaped using HTML_Safe</installMSG>
>
> Then when installing:
> rootserependity:/home/david# pear install PEAR_Package-alpha
> downloading PEAR_Package-0.0.1.tgz ...
> Starting to download PEAR_Package-0.0.1.tgz (8,358 bytes)
> .....done: 8,358 bytes
> Info: Output should be escaped using HTML_Safe
> install ok: channel://pear.php.net/PEAR_Package-0.0.1
>
>
> But yes, that would involve adding some stuff to the pear installer, and
> more xml parsing, maybe it's a little too much overhead but for long term I
> believe that this could be a cool way of doing stuff. Even a tag
> <safeHTML/> that would output the message automatically.
>
> So the Info message and the docs should give the users an idea that this
> is important .. I guess they would understand but again.. I am not
> everyone


XML_Feed_Parser and HTML security
user name
2006-08-17 04:36:28
Yeah, I reviewed that idea and you are right. I know that personally I read
more the messages I see in the shell than anything else, but it is much more
logical to have that in the documentation.

On 8/16/06, Greg Beaver <cellogphp.net> wrote:
>
> What you're proposing is best handled in documentation.  The
> installation messages are already cluttered enough, no one will read
> them at all if we keep adding stuff.
>
> Greg
>
> David Coallier wrote:
> > Actually having a sample Safe class in the docs would be the same thing as
> > telling the user to use HTML_Safe, most wouldn't and would complain
> > anyhow.
> >
> > I do not agree on putting a small class aside that would extend,
> > although what we could do is a flag in the package.xml that states that
> > this package's output should be escaped:
> > <installMSG>Output Should be escaped using HTML_Safe</installMSG>
> >
> > Then when installing:
> > rootserependity:/home/david# pear install PEAR_Package-alpha
> > downloading PEAR_Package-0.0.1.tgz ...
> > Starting to download PEAR_Package-0.0.1.tgz (8,358 bytes)
> > .....done: 8,358 bytes
> > Info: Output should be escaped using HTML_Safe
> > install ok: channel://pear.php.net/PEAR_Package-0.0.1
> >
> >
> > But yes, that would involve adding some stuff to the pear installer, and
> > more xml parsing, maybe it's a little too much overhead but for long term I
> > believe that this could be a cool way of doing stuff. Even a tag
> > <safeHTML/> that would output the message automatically.
> >
> > So the Info message and the docs should give the users an idea that this
> > is important .. I guess they would understand but again.. I am not
> > everyone
>
>


-- 
David Coallier,
Founder & Software Developer,
Agora Production (http://agoraproduction.com)
1.45.04.54.63.37