Agreed, except that "safe" is misleading for another reason too - what could possibly be safe about an unescaped string? :) "raw" would be much more accurate. Copying the Filter extension and calling it "unsafe_raw" would be even better. It's a necessary filter, but people ought to be discouraged from using it unless they need to. Calling it "safe" makes it sound benign, rather than potentially risky.
Just my two pence :) -- Matt On 30 Sep 2010, at 10:01, Lukas Kahwe Smith wrote: > Hi, > > I find that "|safe" expresses that it means it should escape the string, > rather than expressing that it doesnt need escaping. Especially since > "|upper" says "please upper case the string". > > So I think it would be better to use "|issafe" to express that it shouldnt do > anything where "|upper" says please make it upper case. > > regards, > Lukas Kahwe Smith > [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
