Re: Output escaping PSR

2016-10-06 Thread Geert Eltink
I don't think there should be a PSR to dictate how and if output is escaped. It also shouldn't dictate specific tests. If you are not sure about the security of a template engine output escape function there are better ways like a security audit and sending a PR with fixes or tests. An escaping

Re: [PSR-11] Question about PSR-11

2016-10-06 Thread Daniel Hunsaker
On Thursday, October 6, 2016 at 12:46:28 PM UTC-6, Pedro Cordeiro wrote: > > I understand the reasoning now. It saddens me a little (as an end user) > that I still won't be able to have truly agnostic implementations that > depend on a container (because I need to set the entries, after all, so

Re: Output escaping PSR

2016-10-06 Thread David Négrier
Hey Woody, I'm pretty sure there is a lot of things that need to be discussed if we go the template way. The render method could be: public function render(array|object $parameters) : string; In that case, it would be up to the implementators to adapt to the passed parameter. This is mostly a

Re: [PSR-11] Question about PSR-11

2016-10-06 Thread Pedro Cordeiro
I understand the reasoning now. It saddens me a little (as an end user) that I still won't be able to have truly agnostic implementations that depend on a container (because I need to set the entries, after all, so I'll need adapters for each specific implementation), but I understand that unde

Re: [PSR-11] Question about PSR-11

2016-10-06 Thread Matthieu Napoli
> Given that most of PSR-11 was developed "off in a corner" from a FIG POV, > I'd strongly suggest that anything people ask about here be taken as a need > for clarification in the metadoc (if something isn't there already). "This > GitHub link in this other group you wouldn't know to look fo

Re: Output escaping PSR

2016-10-06 Thread Woody Gilk
What if my templates use objects? On Thu, Oct 6, 2016, 04:34 David Négrier wrote: > Hey, > > I would simply like to give a huge +1 to Larry's answer because he did > nail the problem perfectly. > > Escaping is done in the template, therefore is used by template engine > authors. There are not a

Re: Output escaping PSR

2016-10-06 Thread David Négrier
Hey, I would simply like to give a huge +1 to Larry's answer because he did nail the problem perfectly. Escaping is done in the template, therefore is used by template engine authors. There are not a hundred different ways to do escaping and an escaping PSR would really dictate an implementati

Re: Output escaping PSR

2016-10-06 Thread Matteo Beccati
Hi, On 06/10/2016 09:53, Alessandro Lai wrote: > Maybe the aim of this PSR should be a test suite (or at least a data > provider of common and edge cases for tests) instead of an interface: if > your escaper pass all the tests, it's PSR-x compliant. > > This could be a really good standard, whic

Re: Output escaping PSR

2016-10-06 Thread Hari K T
> Maybe the aim of this PSR should be a test suite (or at least a data > provider of common and edge cases for tests) instead of an interface: if > your escaper pass all the tests, it's PSR-x compliant. > > This could be a really good standard, which any implementer can look up to > to see if its i

Re: [Important] [Internals] All projects must declare intention to remain members

2016-10-06 Thread Paul Dragoonis
PPI Framework will remain. On 6 Oct 2016 9:09 a.m., "Dracony" wrote: > PHPixie of course will stay, +1 :) > > On Monday, October 3, 2016 at 1:44:02 AM UTC+2, Michael Cullum wrote: >> >> As per the FIG 3.0 bylaws, all member projects must, between the 1st >> October and 31st October, declare they

Re: [Important] [Internals] All projects must declare intention to remain members

2016-10-06 Thread Dracony
PHPixie of course will stay, +1 :) On Monday, October 3, 2016 at 1:44:02 AM UTC+2, Michael Cullum wrote: > > As per the FIG 3.0 bylaws, all member projects must, between the 1st > October and 31st October, declare they wish to remain a member project of > the FIG. If you don't wish to remain, th

Re: Output escaping PSR

2016-10-06 Thread Alessandro Lai
Maybe the aim of this PSR should be a test suite (or at least a data provider of common and edge cases for tests) instead of an interface: if your escaper pass all the tests, it's PSR-x compliant. This could be a really good standard, which any implementer can look up to to see if its implemen

Re: Output escaping PSR

2016-10-06 Thread Iain Cambridge
On Thursday, October 6, 2016 at 6:57:10 AM UTC+2, Fabien Potencier wrote: > > On 10/5/16 12:17, Larry Garfield wrote: > > On 10/05/2016 05:05 PM, Korvin Szanto wrote: > >> > >> > >> On Tue, Oct 4, 2016 at 4:18 PM Sara Golemon > >> > wrote: > >> > >> On Tuesd