Here is what I've done so far:

* Removal of the component + added a more powerful Engine::escape() method:

https://github.com/fabpot/symfony/commit/ad68092291c01ebcff8bec027c41a0863f0390c2

* New repo for the Output Escaper component:

https://github.com/fabpot/output-escaper

* Documentation update:

https://github.com/symfony/symfony-docs/commit/f9ae4e98b66d626cb03283d13b3df686afe0e9ed

Fabien

--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tel: +33 1 40 99 80 80

On 11/23/10 1:12 PM, Fabien Potencier wrote:
On Nov 21, 4:01 pm, Fabien Potencier <[email protected]> wrote:
Thanks all for the feedback.

Here is what I propose to do:

     * remove the Output Escaper component to a standalone repo on
       Github (so that if someone wants to take over the maintenance,
       that's possible)
     * remove all usage of the Output Escaper component in
       FrameworkBundle
     * add functions/methods to ease manual escaping
     * update documentation to compare Twig/PHP features and emphasize
       the pros and cons of each solution

Before I start, I need to know what kind of functions/methods we add
to ease manual escaping.

Do we add a helper?

$view['escaper']->escape($var, 'html')

That's the more "natural" thing to do but as you can see, this is
really verbose.

Do we add functions? If so, what's the difference with the standard
htmlentities/htmlspecialchars PHP functions?

The solution is actually much simpler than that as we already have an
escape() method in the Engine.
I've just made it more powerful (context aware), and that's all there
is to it really.

I have committed the code and updated the documentation accordingly.

Fabien
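
An added illustration, not part of the email thread and not Symfony's code: a minimal sketch of what a context-aware escape() can look like, with one escaping strategy per output context. The class name ContextEscaper, the 'js' context and the sample input are assumptions made for this example.

```php
<?php
// Added illustration: ContextEscaper is a hypothetical class, not Symfony's Engine.
final class ContextEscaper
{
    /** @var callable[] one escaping strategy per output context */
    private $escapers = [];

    public function __construct(string $charset = 'UTF-8')
    {
        // HTML body and quoted attribute values: neutralise & < > " '
        $this->escapers['html'] = function (string $value) use ($charset): string {
            return htmlspecialchars($value, ENT_QUOTES, $charset);
        };
        // JavaScript string literals: encode everything outside a small safe set,
        // so quotes, backslashes, "</script>" and line breaks cannot end the literal.
        $this->escapers['js'] = function (string $value): string {
            $escaped = preg_replace_callback('/[^a-zA-Z0-9,._]/u', function (array $m): string {
                if (strlen($m[0]) === 1) {
                    return sprintf('\\x%02X', ord($m[0]));
                }
                // Multi-byte character: json_encode() emits \uXXXX (surrogate pairs included).
                return substr(json_encode($m[0]), 1, -1);
            }, $value);
            if ($escaped === null) {
                // The /u modifier makes PCRE reject malformed UTF-8 input.
                throw new InvalidArgumentException('Value is not valid UTF-8.');
            }
            return $escaped;
        };
    }

    public function escape(string $value, string $context = 'html'): string
    {
        if (!isset($this->escapers[$context])) {
            throw new InvalidArgumentException("No escaper for context \"$context\".");
        }
        return ($this->escapers[$context])($value);
    }
}

// Constructed sample input, standing in for an untrusted template variable.
$name = "O'Reilly </script> & \u{00E9}";
$e = new ContextEscaper();
echo '<p>', $e->escape($name), "</p>\n";
echo "<script>var name = '", $e->escape($name, 'js'), "';</script>\n";
```

The same value needs a different encoding in each context: the HTML strategy leaves backslashes and line breaks untouched, which is why it is not a substitute for the JavaScript one inside a script block.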

