Thanks all for the feedback.
Here is what I propose to do:
* remove the Output Escaper component to a standalone repo on
GitHub (so that if someone wants to take over the maintenance, that's
possible)
* remove all usage of the Output Escaper component in
FrameworkBundle
* add functions/methods to ease manual escaping
* update documentation to compare Twig/PHP features and emphasize
the pros and cons of each solution
Before I start, I need to know what kind of functions/methods we add
to ease manual escaping.
Do we add a helper?
$view['escaper']->escape($var, 'html')
That's the more "natural" thing to do but as you can see, this is
really verbose.
Do we add functions? If so, what's the difference with the standard
htmlentities/htmlspecialchars PHP functions?
Fabien
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com