Development Discussion Board

No, I’m not trying to make an HTML parser or discussing the usefulness of such a parser with those rules, I’m specifically addressing the question of if a “Secure” HTML parser - Kellanved said that such a parser doesn’t exist, so I’m curious based on the rules I stated above how you would exploit su...

Frankly, I have yet to see such a thing as a "secure HTML parser". It simply doesn't exist, which is the very nature of HTML. This piqued my curiosity. :) If you had an HTML parser that: Doesn’t allow the no-no HTML tags such as: script and style. (iframe isn't usable under rule #2) Doesn...

In this case, IMO, sense you are posting to the topic, after you post your reply you would naturally be left on the same page letting the user verify it was posted and see it in action. Naturally, anything to get rid of the confirmation box abuse that is prevalent in phpBB3. ;) -- The “You have suc...

No I don't, I'm just saying I don't think we should drag this on for ever ;-) If there are any new arguments or ideas how to compromise or some such I'd be happy to hear them. Okay... so at the risk of possibly dragging this on... :D I’m a little confused here because you said we should follow PHP'...

naderman wrote:Either way I think rather than discussing this any further we should focus on something more productive.

So do you want to lock this topic?

It’s a cool idea, but there are literally tens of thousands of scripts out there, plus each and every project would have to be willing to conform to some kind of standard with regard to how they build it into a single admin panel, then you have the problem of who is going to build the core system th...

As you can see in the coding guidelines RFC I pretty much reversed that position on the @author tag. Git blame and history seem sufficient to document who wrote what. There will of course still be an AUTHORs file as known from previous phpBB versions. If the code is distributed outside of Git for a...

The code generation thing seems rather fabricated to me. Well, a basic example. ;) And you’re correct, the term I used: "code generation" is fabricated, I don’t know the correct name for it when performing this kind of code manipulation. e.g.: $string = 'foo'; $$string = 'bar'; echo $foo;...

Indeed, IfindCamelCaseHarderToRead_than_what_we_use_now. This is because in English, you type words using a space, and when reading a sentence that uses underscores, the eye identifies it as a separation of words, it identifies it as a space. With CamelCase, the eye has a harder time identifying wh...

Easily happens that you end up doing something like this without the braces. The statement is always executed, even though the formatting makes it look like it will be conditional. That's part of what I meant about braces making it absolutely unambiguous. Okay, that makes sense. I’m all for making ...