Use the sfOutputEscaper - it's smart enough to know if it's been escaped
or not already and won't double escape.
On Wed, 28 Oct 2009 19:52:46 +0100, Tom Boutell <t...@punkave.com> wrote:
>
> I write plugins which other people use in their Symfony apps.
>
> They might be using any of the possible escaping_strategy settings.
>
> I need a consistent way to access the escaped and non-escaped forms of
> the variables and request fields, REGARDLESS of that setting, because
> I don't want to force a particular setting on third-party devs but I
> don't want to fail to escape things properly either.
>
> The documentation says that $sf_data is only defined for certain
> escaping strategies.
>
> Writing this everyplace I need raw access:
>
> isset($sf_data) ? $sf_data->getRaw('foo') : $foo
>
> Is not practical. Neither is:
>
> isset($sf_data) ? $sf_data->get('foo') : htmlspecialchars($foo)
>
> In all the places where I DO want escaping.
>
> Is there a clean way to do this? Should I require users of my plugins
> to use the 'bc', 'on', 'or 'both' strategies and specifically refuse
> to support 'off'? This might not be too awful, since 'bc' is the
> default, but I'd hate to tell people they can't choose an escaping
> strategy of their choice in their own code for performance reasons, as
> the documentation says.
>
> Maybe I can specify an alternate escaping strategy on a per-module
> basis somehow?
>
> Any help appreciated, thanks!
>
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
