by Mahn
4904 days ago
I think it's good this way; it forces the developer to think about the implications of escaped vs unescaped output. The way I see it, having htmlspecialchars/htmlentities applied automatically by a template engine is a close relative to the magic quotes; it abstracts something essential for the developer to know.