As long as we are very clear about the fact that:

* Twig has superior support for output escaping by default and
* Output escaping can be done manually in the PHP version

I'm fine with it

On Nov 19, 8:47 am, Henrik Bjornskov <[email protected]> wrote:
> +1
>
> I'm turning it off in php templates per default anyways.
>
> On 19 Nov., 07:02, Tim Nagel <[email protected]> wrote:
>
> > I think it's fine to remove automatic escaping through PHP and just make sure
> > the documentation is clear that Twig is superior and if you want to use PHP
> > you must escape everything?
>
> > Not sure there really is any other solution?
>
> > t
>
> > On Fri, Nov 19, 2010 at 16:58, Fabien Potencier <[email protected]> wrote:
> > > On 11/19/10 2:07 AM, Johannes wrote:
>
> > >> My first thought was to write a PHP-to-PHP compiler as well, but then
> > >> I guess this isn't done so easily.
>
> > > correct.
>
> > >> I don't know any libraries that build an AST, not even PHP internally
> > >> builds an AST; and without an AST I don't see how you could reliably
> > >> do any optimizations on the PHP code.
>
> > > That's what we do in Twig actually (we manipulate the AST before
> > > compilation).
>
> > > Fabien
>
> > >> regards,
> > >> Johannes
>
> > >> On Nov 19, 12:46 am, Jordi Boggiano <[email protected]> wrote:
>
> > >>> On Thu, Nov 18, 2010 at 11:08 PM, Fabien Potencier
> > >>> <[email protected]> wrote:
> > >>>> I think that makes sense because we have decided to use Twig as the
> > >>>> default templating system (and Twig supports a much more robust
> > >>>> implementation of automatic output escaping -- still not finished
> > >>>> yet though.)
>
> > >>> This might sound stupid but have you ever considered just implementing a
> > >>> lie? :)
>
> > >>> I mean, you could use the PHP tokenizer to pre-compile to php the php
> > >>> templates. It sounds a bit wrong, but it actually makes sense in this
> > >>> case I'd say. You could even have a raw() function that, if applied to
> > >>> some expression, would be removed during compilation but would turn
> > >>> off automatic escaping for that expression.
>
> > >>> It solves the performance issue, it solves the crazy vars sent to
> > >>> another function sent to another template etc that are unable to be
> > >>> resolved properly by the decorators.
>
> > >>> The question remains though, is it worth the trouble?
>
> > >>> Cheers
>
> > >>> --
> > >>> Jordi Boggiano
> > >>> @seldaek :: http://seld.be/
>
> > > --
> > > If you want to report a vulnerability issue on symfony, please send it to
> > > security at symfony-project.com
>
> > > You received this message because you are subscribed to the Google
> > > Groups "symfony developers" group.
> > > To post to this group, send email to [email protected]
> > > To unsubscribe from this group, send email to
> > > [email protected]
> > > For more options, visit this group at
> > > http://groups.google.com/group/symfony-devs?hl=en
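
The tokenizer idea quoted above, as an added PHP example that is not part of the thread and is not Symfony or Twig code: each echoed expression is compiled to pass through htmlspecialchars() unless it is exactly raw(...), whose marker is stripped at compile time. e(), wrapEcho() and compileTemplate() are hypothetical names; it assumes PHP 7.4+ and one expression per echo, and the template string at the end is constructed.

```php
<?php
// Added illustration, not Symfony or Twig code: e(), wrapEcho() and compileTemplate()
// are hypothetical names; raw() is the marker proposed in the thread.
function e($v): string { return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }

// Compile the tokens of one echoed expression: escaped unless it is exactly raw(...).
function wrapEcho(array $tokens): string
{
    $escaped = 'e(' . trim(implode('', array_column($tokens, 1))) . ')';
    $depth = $seen = 0;
    $open = $close = null;
    foreach ($tokens as $i => [$id, $text]) {
        if ($id === T_WHITESPACE || $id === T_COMMENT) continue;
        $seen++;
        if ($close !== null                      // code follows raw(...): escape it all
            || ($seen === 1 && ($id !== T_STRING || strtolower($text) !== 'raw'))
            || ($seen === 2 && ($id !== null || $text !== '('))) {
            return $escaped;
        }
        if ($id === null && $text === '(') {
            $open ??= $i;                        // remember the parenthesis opening raw(
            $depth++;
        } elseif ($id === null && $text === ')' && --$depth === 0) {
            $close = $i;                         // its matching closing parenthesis
        }
    }
    // raw(...) confirmed: emit only the inner expression, with no escaping call.
    return $close === null ? $escaped
        : trim(implode('', array_column(array_slice($tokens, $open + 1, $close - $open - 1), 1)));
}

function compileTemplate(string $source): string
{
    $out = '';
    $expr = null;                                // token buffer while inside an echo
    foreach (token_get_all($source) as $token) {
        [$id, $text] = is_array($token) ? $token : [null, $token];
        if ($expr === null && ($id === T_OPEN_TAG_WITH_ECHO || $id === T_ECHO)) {
            $out .= $id === T_ECHO ? 'echo ' : '<?php echo ';   // short echo tag normalised
            $expr = [];
        } elseif ($expr === null) {
            $out .= $text;                       // HTML and non-echo PHP pass through
        } elseif ($id === T_CLOSE_TAG || ($id === null && $text === ';')) {
            $out .= wrapEcho($expr) . ($id === null ? ';' : ' ' . $text);
            $expr = null;
        } else {
            $expr[] = [$id, $text];
        }
    }
    return $out;
}

// Constructed sample template: one escaped value, one explicitly raw value.
echo compileTemplate('<p><?= $name ?> <?= raw($html) ?></p>'), "\n";
```

An expression that only partly consists of raw(...), such as a concatenation, is escaped as a whole, so the compiled template errors on the undefined raw() call instead of emitting unescaped output.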
