+1 Im turning it off in php templates per default anyways.
On 19 Nov., 07:02, Tim Nagel <[email protected]> wrote: > I think its fine to remove automatic escaping through PHP and just make sure > the documentation is clear that Twig is superior and if you want to use PHP > you must escape everything? > > Not sure there really is any other solution? > > t > > On Fri, Nov 19, 2010 at 16:58, Fabien Potencier < > > > > > > > > [email protected]> wrote: > > On 11/19/10 2:07 AM, Johannes wrote: > > >> My first thought was to write a PHP-to-PHP compiler as well, but then > >> I guess this isn't done so easily. > > > correct. > > > I don't know any libraries that build an AST, not even PHP internally > >> builds an AST; and without an AST I don't see how you could reliably > >> do any optimizations on on the PHP code. > > > That's what we do in Twig actually (we manipulate the AST before > > compilation). > > > Fabien > > > regards, > >> Johannes > > >> On Nov 19, 12:46 am, Jordi Boggiano<[email protected]> wrote: > > >>> On Thu, Nov 18, 2010 at 11:08 PM, Fabien Potencier > > >>> <[email protected]> wrote: > > >>>> I think that makes sense because we have decided to use Twig as the > >>>> default > >>>> templating system (and Twig supports a much more robust implementation > >>>> of > >>>> automatic output escaping -- still not finished yet though.) > > >>> This might sound stupid but have you ever considered just implementing a > >>> lie? :) > > >>> I mean, you could use the PHP tokenizer to pre-compile to php the php > >>> templates. It sounds a bit wrong, but it actually makes sense in this > >>> case I'd say. You could even have a raw() function that, if applies to > >>> some expression, would be removed during compilation but would turn > >>> off automatic escaping for that expression. > > >>> It solves the performance issue, it solves the crazy vars sent to > >>> another function sent to another template etc that are unable to be > >>> resolved properly by the decorators. > > >>> The question remains though, is it worth the trouble? > > >>> Cheers > > >>> -- > >>> Jordi Boggiano > >>> @seldaek ::http://seld.be/ > > > -- > > If you want to report a vulnerability issue on symfony, please send it to > > security at symfony-project.com > > > You received this message because you are subscribed to the Google > > Groups "symfony developers" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected]<symfony-devs%[email protected]> > > For more options, visit this group at > >http://groups.google.com/group/symfony-devs?hl=en -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
