Details
Improvement
Resolution: Unresolved
High
None
Description
Can we make the ezhttp operator safer by default without breaking BC?
The PR #1349 uses PHP's filter_var() to strip out tags, with FILTER_SANITIZE_STRING and FILTER_FLAG_STRIP_LOW|FILTER_FLAG_NO_ENCODE_QUOTES. Unsure if this is backwards compatible in every case, or whether it may break some sites.
Input, reviews, and improvements are welcome!
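
One way to check the backwards-compatibility question is to run representative request values through the same filter and flags and list which ones come back altered. This is an added example, not code from PR #1349 or from the project; sanitizeLikePr(), compatibilityReport() and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: applies only the filter and flags named in the description.
// sanitizeLikePr() is a hypothetical helper, not the PR's implementation.
function sanitizeLikePr(string $value): string
{
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the @ keeps that
    // deprecation notice out of the report output.
    $out = @filter_var(
        $value,
        FILTER_SANITIZE_STRING,
        FILTER_FLAG_STRIP_LOW | FILTER_FLAG_NO_ENCODE_QUOTES
    );
    return $out === false ? '' : $out;
}

// Constructed sample values of the kind a template might read from GET/POST.
$samples = [
    'plain text'      => 'search term',
    'quotes'          => 'O\'Reilly "books"',
    'markup'          => '<b>bold</b> text',
    'script tag'      => '<script>x</script>',
    'multi-line text' => "line one\nline two",
    'tab separated'   => "col1\tcol2",
    'UTF-8'           => 'Ærøskøbing',
];

// Returns, per sample, the raw value, the filtered value and whether they differ.
function compatibilityReport(array $samples): array
{
    $report = [];
    foreach ($samples as $label => $raw) {
        $clean = sanitizeLikePr($raw);
        $report[$label] = ['raw' => $raw, 'clean' => $clean, 'changed' => $clean !== $raw];
    }
    return $report;
}

foreach (compatibilityReport($samples) as $label => $row) {
    printf(
        "%-16s %-9s %s => %s\n",
        $label,
        $row['changed'] ? 'CHANGED' : 'unchanged',
        json_encode($row['raw']),
        json_encode($row['clean'])
    );
}
```

FILTER_FLAG_STRIP_LOW removes bytes below ASCII 32, which includes tabs and newlines, so multi-line form values are worth checking alongside values that contain markup.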