security bug in PHP-server-1.1
Norman Rasmussen
norman at rasmussen.co.za
Wed Apr 11 16:04:27 PDT 2007
On 4/11/07, Niels Berkers <niels at quotar.com> wrote:
> And in
> most of the cases the template builders are not the ones that have the
> best knowledge of systems / programming language. So one of the most
> difficult tasks, is put in the hands of those less likely to have the
> best solution.
Yes, true. I guess in an ideal world we'd have automated tests that
check that the templates escape their data correctly. Also the
template engine should either implicitly encode for output, or make it
extremely easy to - because things always get coded the easiest way.
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
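
The two ideas in the reply above (a template engine that encodes output implicitly, and an automated test that checks templates escape their data) can be sketched as follows. This is an added example, not code from the thread or from PHP-server; `render()`, `findUnescaped()`, the `{{ }}` / `{{{ }}}` syntax and the sample templates are all hypothetical.

```php
<?php
// Added example: render(), findUnescaped(), the {{ }} / {{{ }}} syntax and
// both templates are hypothetical, constructed for illustration.

// Escape-by-default: {{name}} is HTML-encoded; {{{name}}} is the explicit,
// greppable opt-out for values that are already trusted markup.
function render(string $template, array $vars): string
{
    return preg_replace_callback(
        '/\{\{\{(\w+)\}\}\}|\{\{(\w+)\}\}/',
        function (array $m) use ($vars): string {
            if ($m[1] !== '') { // {{{name}}}: emitted as-is
                return (string) ($vars[$m[1]] ?? '');
            }
            return htmlspecialchars((string) ($vars[$m[2]] ?? ''), ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// Automated check: give every placeholder a canary containing HTML
// metacharacters and list the templates whose output still contains the
// canary unencoded.
function findUnescaped(array $templates): array
{
    $canary = '<canary x="1">\'&';
    $failures = [];
    foreach ($templates as $name => $template) {
        preg_match_all('/\{\{\{?(\w+)\}?\}\}/', $template, $m);
        $vars = array_fill_keys($m[1], $canary);
        if (strpos(render($template, $vars), $canary) !== false) {
            $failures[] = $name;
        }
    }
    return $failures;
}

// Constructed sample templates: the first relies on the default encoding,
// the second uses the raw opt-out and is reported by the check.
$templates = [
    'trust_page'  => '<p>Do you trust <b>{{trust_root}}</b>?</p>',
    'login_error' => '<div class="err">{{{message}}}</div>',
];
print_r(findUnescaped($templates));
```

The check covers HTML body and quoted-attribute contexts only; values placed inside script blocks or URLs need context-specific encoding that `htmlspecialchars()` does not provide.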