Writing the NNTP gateway made me realize how fragile mail as a format is, especially with subjects. Quoted-Printable sucks, and shoving it into a subject is even worse.
This article contains (in my view) an important point hidden under reams of PHP:
[encoding and escaping] are both forms of processing data into different formats, and it’s nearly always a mistake to not know if this form of processing has occurred yet on a given piece of data, anywhere in an application.
Ultimately, it’s a matter of being certain about the type of data you’re handling, where by type I mean anything relevant to parsing its semantic content. Both dynamically- and statically-typed languages are amenable to annotating objects with metadata concerning the operations that have been carried out with them.
My take, which features this front and centre and is probably a bit more dogmatic: your app has an inside and an outside, and when you’re inside you deal in structured data and in structured data alone. There is a serialisation process that is necessary to package that data up for the outside world, and the only places that should deal with that serialisation are well-demarcated and live on the boundary between the inside and the outside. https://ww.telent.net/2021/1/22/beating_the_dead_hobby_horse_i_structure_not_strings
your app has an inside and an outside, and when you’re inside you deal in structured data and in structured data alone
This is precisely what I wanted to communicate! (Indeed, your post looks like the ~decade newer version of mine, but considerably less wordy.) Our job as programmers is to draw that line between inside and outside and to be very clear about it.
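The inside/outside split discussed in this thread, applied to the mail subjects from the first comment, as an added example (not code from either linked article or from any commenter). The class and function names are assumptions, the sample subject is constructed, and the encoding work is done by Python's standard `email.header` module.

```python
from dataclasses import dataclass
from email.header import Header, decode_header, make_header


@dataclass(frozen=True)
class WireSubject:
    """Outside: header value as it travels (ASCII, may hold encoded-words)."""
    raw: str


@dataclass(frozen=True)
class Subject:
    """Inside: decoded Unicode text. Decoded exactly once, never sent as-is."""
    text: str


def parse_subject(wire: WireSubject) -> Subject:
    """Inbound boundary: the only place encoded-words are decoded."""
    return Subject(str(make_header(decode_header(wire.raw))))


def serialise_subject(subject: Subject) -> WireSubject:
    """Outbound boundary: the only place text is encoded for the wire."""
    if any(ord(c) < 32 or ord(c) == 127 for c in subject.text):
        # CR/LF or other controls here would let text leak into other headers.
        raise ValueError("control character in subject")
    # Declaring utf-8 makes Header emit encoded-words even for ASCII input,
    # so text that merely looks like an encoded-word survives a round trip.
    return WireSubject(Header(subject.text, "utf-8").encode())


def decode_twice(wire: WireSubject) -> str:
    """The bug: treating already-decoded text as if it were still wire data."""
    once = parse_subject(wire).text
    return parse_subject(WireSubject(once)).text  # type confusion, on purpose


# Constructed sample: a subject whose *text* discusses an encoded-word.
SAMPLE = Subject("Why =?utf-8?Q?Caf=C3=A9?= breaks gateways")

if __name__ == "__main__":
    wire = serialise_subject(SAMPLE)
    print("wire:       ", wire.raw)
    print("decode once:", parse_subject(wire).text)
    print("decode x2:  ", decode_twice(wire))
```

Because the two states are distinct types, a type checker or a reviewer can see at a glance whether decoding has already happened; `decode_twice` only compiles its mistake by explicitly re-wrapping inside text as wire data.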
https://www.php.net/manual/en/security.magicquotes.php seems to have been taken down (quite recently)
Huh! I will use an archive link, thanks for the note.