I like this idea. The auto escaper works well in simple cases but becomes cumbersome when you're passing more complex vars to templates that potentially include sub templates that also need those vars.
Helper functions would be nice, although I don't mind using the native PHP functions. On Nov 21, 10:01 am, Fabien Potencier <[email protected]> wrote: > Thanks all for the feedback. > > Here is what I propose to do: > > * remove the Output Escaper component to a standalone repo on > Github (so that if someone want to take over the maintenance, that's > possible) > * remove all usage of the Output Escaper component in > FrameworkBundle > * add functions/methods to ease manual escaping > * update documentation to compare Twig/PHP features and emphasize > the pros and cons of each solution > > Before I start, I need to know what kind of functions/methods we add > to ease manual escaping. > > Do we add a helper? > > $view['escaper']->escape($var, 'html') > > That's the more "natural" thing to do but as you can see, this is > really verbose. > > Do we add functions? If so, what's the difference with the standard > htmlentities/htmlspecialchars PHP functions? > > Fabien -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
