Y
Hacker News
new
|
ask
|
show
|
jobs
by
shiflett
5421 days ago
Actually, you should also always indicate the character encoding, for reasons I explain here:
http://shiflett.org/blog/2005/dec/google-xss-example
1 comments
pornel
5420 days ago
Yes, declaration is necessary, but not in the htmlspecialchars() call if you're using ASCII-superset encoding (and you really should declare UTF-8, never UTF-7).
link