In our application we started using the automatic output escaping in the PHP templates with PR3 and it has been a bit of a pain because of the things you describe here. It turns out that automatic escaping is a big hassle when you know what you are doing. I prefer to have to escape things explicitly and I assume it is also fast (better performance) this way.
We will be migrating to Twig in the near future but for those that still prefer PHP templates, it may be better to not have automatic escaping. Would you remove the component altogether from the Symfony2 package ? Or just disable it? Pablo -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
