by muglug
2462 days ago
You're right, my wording was inexact - we must always escape strings that can be controlled in some fashion by the user. I'm working on comprehensive taint analysis for PHP[0], and I'm spending a bunch of time thinking about how to automatically detect those dirty strings.

[0] https://psalm.dev/articles/psalm-3-and-a-half#taint-analysis