On Wed, Jul 31, 2013 at 10:24 AM, Happy Melon <happy.melon.wiki(a)gmail.com> wrote:
Yes, IMO, it should be abstracted away with a carefully-written wrapper
function that bridges the semantic gap between "I want to do some character
conversions" and "I want to make this text safe to echo to the browser",
but that's just the point. Of course there are plenty of language features
you can point to that open up pitfalls; each one having its own severity
and ease-of-discovery. htmlspecialchars() has a medium severity and very
easy discovery, and it's a problem that's easy to eliminate by abstracting
the call to ensure it's always given the proper arguments. My example was
to disprove your point that assert() with string arguments is not as bad as
eval(); it is, for exactly the same reasons. Of course it's possible to
use eval() safely, just like any other construct, but general consensus is
that eval()'s security holes are severe enough and difficult-to-spot enough
to warrant strongly discouraging its use, and there is no reason not to
treat assert()-with-string-args the same way.

Then I guess I just have more faith in our code review. Nonetheless,
assert() provides an important functionality in being able to allow code
checks that do not incur a performance penalty in a production environment.
-- 
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
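As an added illustration of the two pitfalls discussed in this thread (this is not code from either poster or from MediaWiki; the helper names escapeForHtml() and checkPositiveInt() and the APP_ENV variable are assumptions), the wrapper that pins htmlspecialchars()' arguments sits beside the assert() patterns:

```php
<?php
// Added example, not from the thread. Assumed names: escapeForHtml(),
// checkPositiveInt(), and the APP_ENV environment variable.

// 1. htmlspecialchars() pitfall: called without flags it uses ENT_COMPAT,
//    which leaves single quotes unescaped, and the charset is implicit.
//    A single wrapper closes the "character conversion" vs "safe to echo"
//    gap by always supplying the right arguments.
function escapeForHtml($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// 2. assert() pitfall (PHP 5.x through 7.1): a STRING argument is evaluated
//    as PHP code, exactly like eval(). Any data that reaches that string is
//    a code-injection sink. String evaluation was deprecated in PHP 7.2 and
//    removed in PHP 8, but code from this era still contains it.
//
//    Dangerous pattern (kept as a comment, do not use):
//        assert("is_int(\$value) && \$value > " . $untrustedLimit);
//
//    Safe pattern: pass the result of an expression, never a string. There
//    is nothing for assert() to evaluate, so no data can become code.
function checkPositiveInt($value) {
    assert(is_int($value) && $value > 0);
    return is_int($value) && $value > 0;
}

// 3. The production cost trade-off raised in the reply. In PHP 5,
//    assert_options(ASSERT_ACTIVE, 0) makes assert() skip evaluation of a
//    string argument, but an expression argument is still computed before
//    the call; avoiding that cost with strings is what reintroduces eval().
//    PHP 7 resolves this with the zend.assertions INI setting: -1 compiles
//    expression-form assertions out entirely, so the safe form is also free.
if (getenv('APP_ENV') === 'production') {
    assert_options(ASSERT_ACTIVE, 0);
}

// Demonstration on constructed input.
echo escapeForHtml("<a href='x'>O'Reilly</a>"), "\n";
// prints: &lt;a href=&#039;x&#039;&gt;O&#039;Reilly&lt;/a&gt;
var_dump(checkPositiveInt(5));   // bool(true)
```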