On 12/08/16 09:54, Rowan Collins wrote: > On 12/08/2016 09:19, Lester Caine wrote: >> I'm thinking >> $var->setConstraint() >> $var->setEscape() >> $var->setReadOnly() >> >> Rather than having to build 'reflections' classes to pull out data that >> a simple $var->is_valid or echo $var will output a correctly escaped >> piece of text. > > Note that as discussed on the recent RFC thread, escape mechanisms are > very much specific to the *destination* of the data not the *source*. So > having "echo $foo" call "echo $foo->escape()" isn't going to work. > > I guess you could have "echo $foo->forHTML()" with some kind of fallback > that converts that to "echo htmlspecialchars($foo)" if nothing further > is defined. Or "echo_html( $foo )" calling "$foo->forHTML()" internally > if it's been defined against the variable. I haven't thought this > through fully, just throwing ideas out there.
I struggled to see what problem adding more 'shortcut' tags was going to solve. *I* have problems with third party sites returning data that may or may not need 'un-escaping' and it's a little like trying to ensure I get a UK rather than an American date. From the 'source' end it's almost a 'this needs escaping' and you are right that where it is going forms part of the 'escape' process, so the 'generic code' that handles echo may benefit from expansion to echo_xxx to augment the process. Or just like 'strict' mode we have 'js' mode and all output uses the appropriate js rules rather than html? I think the idea *I* am throwing out for discussion is a switch from global_library($var, ... ) to $var->global_library( ... ) where $var is now always an object without having every framework creating it's own version of the wrapper? -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
