Actually, you should also always indicate the character encoding, for reasons I ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		shiflett on Aug 10, 2011 \| parent \| context \| favorite \| on: I Like PHP Actually, you should also always indicate the character encoding, for reasons I explain here: http://shiflett.org/blog/2005/dec/google-xss-example

pornel on Aug 11, 2011 [–]

Yes, declaration is necessary, but not in the htmlspecialchars() call if you're using ASCII-superset encoding (and you really should declare UTF-8, never UTF-7).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact