On 18/09/12 18:19, Steve Clay wrote:
> First issue: I've not studied the referenced PHP implementations, but
> in cases where multiple contexts seem to apply it's not clear from the
> RFC which function(s) should be used, and if multiple, how their calls
> would be composed. Examples:
>
> HTML style attribute: escapeHtmlAttr, escapeCss, or both?
> HTML on* attributes: escapeHtmlAttr, escapeJs, or both?
> HTML href/src attributes: escapeHtmlAttrs, escapeUrl, or both?
> HTML script/style elements: Is escapeHtml needed?
>
> I can probably correctly guess some of these, but I think ideally the
> method and class names should make this more obvious. If escapeJs is
> only for string literals in JS code (again, the name doesn't make that
> clear to me), what does escapeCss actually do, since string literals
> aren't very common in CSS?

I echo this. I think some clearer names might help; I think something
like these:
escapeHTMLAttribute for attributes, escapeHTMLText for text inside
<element> tags, escapeXMLAttribute and escapeXMLContent,
escapeJSStringLiteral, escapeCSSIdentifier, and another needs adding
(for url('*') things), escapeCSSStringLiteral.
--
Andrew Faulds
http://ajf.me/
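
The composition question raised in the quoted message, worked through as an added example that is not part of the original thread or of the RFC's code. The helper names follow the naming proposed in the reply and are hypothetical; their bodies are assumptions built from PHP built-ins (`JSON_THROW_ON_ERROR` needs PHP 7.3 or later).

```php
<?php
// Hypothetical helpers named after the proposal in the reply above.
// They wrap PHP built-ins and are not the RFC's implementation.

function escapeHTMLAttribute(string $s): string
{
    // Safe only inside a quoted attribute value.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function escapeJSStringLiteral(string $s): string
{
    // Returns a complete double-quoted JS string literal. <, >, &, ' and "
    // inside the value are emitted as \u00XX, so the literal cannot be
    // closed early and carries no HTML-significant characters of its own.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed untrusted input.
$name = "O'Reilly\"); alert(1); (\"</script>";

// on* attribute: the innermost context is the JS string and the outermost is
// the HTML attribute, so escape for JS first and for the attribute last.
// The browser undoes them in the opposite order: it decodes the attribute,
// then parses the result as JavaScript.
$onclick = escapeHTMLAttribute('greet(' . escapeJSStringLiteral($name) . ')');
echo '<button onclick="' . $onclick . '">Hi</button>', "\n";

// href with a query parameter: URL-encode the component, then attribute-escape
// the finished URL, which also turns the literal & separator into &amp;.
$href = escapeHTMLAttribute('/search?q=' . rawurlencode($name) . '&page=1');
echo '<a href="' . $href . '">Search</a>', "\n";
```

In both cases the answer to "or both?" is both, applied from the innermost context outward. Escaping for the attribute alone would leave the decoded value free to break out of the JavaScript string or the URL component.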