On Wed, Jul 31, 2013 at 10:24 AM, Happy Melon <happy.melon.wiki@gmail.com> wrote:
Yes, IMO, it should be abstracted away with a carefully-written wrapper function that bridges the semantic gap between "I want to do some character conversions" and "I want to make this text safe to echo to the browser", but that's just the point. Of course there are plenty of language features you can point to that open up pitfalls; each one having its own severity and ease-of-discovery. htmlspecialchars() has a medium severity and very easy discovery, and it's a problem that's easy to eliminate by abstracting the call to ensure it's always given the proper arguments. My example was to disprove your point that assert() with string arguments is not as bad as eval(); it is, for exactly the same reasons. Of course it's possible to use eval() safely, just like any other construct, but general consensus is that eval()'s security holes are severe enough and difficult-to-spot enough to warrant strongly discouraging its use, and there is no reason not to treat assert()-with-string-args the same way.
Then I guess I just have more faith in our code review. Nonetheless, assert() provides an important functionality in being able to allow code checks that do not incur a performance penalty in a production environment.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo@gmail.com
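The two patterns argued about in this exchange, side by side, as an added example; this is not code from the thread or from MediaWiki, and the helper names (html_escape, find_user_unsafe, find_user_safe) and the payload string are made up for the illustration. It assumes PHP 5.x or 7.x semantics for assert(): a string argument is compiled and executed as PHP code, which is what makes it equivalent to eval(). (PHP 7 deprecates that form and PHP 8 removes it; on PHP 8 the string branch below is just a string and the demonstration does not fire.)

```php
<?php
// Added example, not from the mailing-list thread or from MediaWiki.
// Hypothetical helper names; the payload is constructed for the demo.

// 1. The wrapper Happy Melon describes: the caller states the intent
//    ("make this safe to echo to the browser") and the flags are chosen
//    once, here. Without ENT_QUOTES a single quote passes through untouched
//    and breaks out of an attribute written as value='...'; without an
//    explicit charset the result depends on default_charset.
function html_escape($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// 2. assert() with a STRING argument (PHP 5/7): the string is compiled and
//    run as PHP code. Interpolating request data into it is eval() of
//    attacker-controlled text, exactly as with eval() itself.
function find_user_unsafe($name) {
    assert("strlen('$name') > 0");   // code is built from $name
    return "looked up " . html_escape($name);
}

// 3. The same check as an EXPRESSION: the boolean is computed by the caller
//    and passed in; $name is only ever data, never source code.
function find_user_safe($name) {
    assert(strlen($name) > 0);
    return "looked up " . html_escape($name);
}

// Constructed payload. Inside the string assertion it yields
//   strlen('') || printf('injected code ran') || ('') > 0
// which is a valid expression, so the assertion "passes" after running
// printf(). In the expression form it is an ordinary 35-byte string.
$payload = "') || printf('injected code ran') || ('";

if (PHP_MAJOR_VERSION < 8) {
    echo find_user_unsafe($payload), "\n";   // prints "injected code ran" first
}
echo find_user_safe($payload), "\n";         // payload is escaped, nothing executes
```

The performance point Tyler raises is real but version-dependent: in PHP 5, `assert_options(ASSERT_ACTIVE, 0)` skips compiling a string argument, whereas an expression argument is still evaluated before assert() is entered, which is why string asserts were attractive there. From PHP 7 on, setting `zend.assertions = -1` in production makes the engine drop assert() calls at compile time, so the expression form costs nothing either and the string form has no remaining advantage.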