[Rejected] Sanitizing User Profiles
#4
(2018-04-26, 08:21 PM) labrocca Wrote:
Quote: the filtering works for all past & future content immediately after it's implemented,

What does that mean? Please explain.

I believe what Devilshakerz means is that if escaping is done on output, all previous data that is already in the database (regardless of whether it is/was escaped) will be escaped no matter what. It's widely regarded that best practice is to store data in the form that it was provided, and do filtering/escaping when making use of that data - it could be that data doesn't want to be escaped or needs to be escaped in a different way depending on the context that the data is used in (e.g. in plain text output, escaping using HTML entities makes no sense and causes garbled text).

I don't believe that this change was documented, though the original release of 1.8.0 was too long ago now for me to give a definitive answer either way off the top of my head and most of the people who were on the team or making decisions at that time have since moved on.
Reply
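The store-raw, escape-on-output point from the post above, as an added example that is not code from the thread or from MyBB. The sample rows are constructed and the helper names (`for_html`, `for_plain_text`, `for_json`) are hypothetical; only standard PHP functions are used.

```php
<?php
// Constructed sample rows standing in for a user-profile column (not real MyBB data):
//  legacy_raw    - saved before any filtering existed
//  input_escaped - HTML-escaped at input time, then stored
//  stored_raw    - stored exactly as the user typed it
$rows = [
    'legacy_raw'    => '<script>alert(1)</script>',
    'input_escaped' => 'Tom &amp; Jerry &lt;3',
    'stored_raw'    => 'Tom & Jerry <3',
];

// Hypothetical output helpers: one per context the value is rendered into.
function for_html(string $value): string
{
    // ENT_QUOTES covers both quote styles, so the result is also safe in attributes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function for_plain_text(string $value): string
{
    // Plain-text e-mail or log line: HTML entities mean nothing here, so only
    // control characters that could break the line structure are removed.
    return preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
}

function for_json(string $value): string
{
    // JSON placed inside a <script> block: hex-escape <, >, &, ' and ".
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return (string) json_encode($value, $flags);
}

// Render every stored row in every context and compare the three rows:
// legacy_raw is neutralised in HTML even though it predates the filter,
// input_escaped is double-escaped in HTML and shows literal entities in
// plain text, and stored_raw is correct in all three contexts.
foreach ($rows as $label => $stored) {
    printf("%-14s html : %s\n", $label, for_html($stored));
    printf("%-14s plain: %s\n", '', for_plain_text($stored));
    printf("%-14s json : %s\n", '', for_json($stored));
}
```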


Messages In This Thread
Sanitizing User Profiles - by labrocca - 2018-04-26, 06:13 PM
RE: Sanitizing User Profiles - by Devilshakerz - 2018-04-26, 07:40 PM
RE: Sanitizing User Profiles - by labrocca - 2018-04-26, 08:21 PM
RE: Sanitizing User Profiles - by Euan T - 2018-04-26, 09:42 PM
RE: Sanitizing User Profiles - by labrocca - 2018-04-26, 10:20 PM
RE: Sanitizing User Profiles - by frostschutz - 2018-04-26, 11:01 PM
RE: Sanitizing User Profiles - by labrocca - 2018-04-27, 05:54 PM
RE: Sanitizing User Profiles - by frostschutz - 2018-04-27, 07:48 PM
RE: Sanitizing User Profiles - by Euan T - 2018-04-27, 06:52 PM
RE: Sanitizing User Profiles - by Devilshakerz - 2018-04-27, 08:12 PM
RE: Sanitizing User Profiles - by labrocca - 2018-04-27, 08:23 PM
RE: Sanitizing User Profiles - by Omar G. - 2018-04-28, 06:44 AM
RE: Sanitizing User Profiles - by labrocca - 2018-04-28, 02:41 PM
