Isn't it just $view->escape() since the escape method is on the Engine itself and not a helper?

On Nov 23, 7:26 pm, Diego <[email protected]> wrote:
> +1 for removing automatic escaping. We have had lots of issues with
> this.
>
> $view['escaper']->escape($var, 'html')
>
> Is somewhat verbose (but what isn't in templates, anyway?), but I
> think that is better to avoid following different patterns and start
> adding style exceptions (Imagine the documentation: "In the case of
> output escape helpers they are not view helpers but functions that
> become available in the templates -or globally available-...").
>
> The helper approach has the additional benefit of supporting many
> escape strategies with the second parameter. It could let the user
> define "escape extensions" to add custom output formats with the same
> helper.
>
> Maybe the escape extensions should have static methods so they can be
> easily used out of the templating service and wrapped with global
> functions if the user prefers a shortcut without the complexity of the
> templating service. A use case like:
>
> function eHtml($html) {
>     return \Symfony\Component\Templating\Helper\Escape\Html::escape($html);
> }
>
> On Nov 21, 7:01 am, Fabien Potencier <[email protected]>
> wrote:
>
> > Thanks all for the feedback.
> >
> > Here is what I propose to do:
> >
> >  * remove the Output Escaper component to a standalone repo on
> >    Github (so that if someone wants to take over the maintenance, that's
> >    possible)
> >  * remove all usage of the Output Escaper component in
> >    FrameworkBundle
> >  * add functions/methods to ease manual escaping
> >  * update documentation to compare Twig/PHP features and emphasize
> >    the pros and cons of each solution
> >
> > Before I start, I need to know what kind of functions/methods we add
> > to ease manual escaping.
> >
> > Do we add a helper?
> >
> > $view['escaper']->escape($var, 'html')
> >
> > That's the more "natural" thing to do but as you can see, this is
> > really verbose.
> >
> > Do we add functions? If so, what's the difference with the standard
> > htmlentities/htmlspecialchars PHP functions?
> >
> > Fabien

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com
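
The helper-with-strategies idea discussed in the quoted messages, as an added example that is not part of the thread and not Symfony's code: the `Escaper` class, its `register()` method and the `js` and `url` strategy names are assumptions made for illustration. It shows why the second parameter matters: `htmlspecialchars()` only covers the HTML context, so a value placed inside an inline script or a URL needs a different encoder.

```php
<?php
// Hypothetical helper (not Symfony's API): one escape() entry point,
// with the output context selected by the second parameter.
final class Escaper
{
    /** @var array<string, callable> strategy name => encoder */
    private array $strategies = [];

    public function __construct(private string $charset = 'UTF-8')
    {
        // HTML body text and quoted attribute values.
        $this->strategies['html'] = fn (string $v): string =>
            htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, $this->charset);

        // String literal inside an inline <script>. The result includes its
        // own double quotes; the HEX flags keep <, >, &, ' and " out of the
        // output so the value cannot close the script element or the literal.
        $this->strategies['js'] = fn (string $v): string =>
            json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
                | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
    }

    // User-defined "escape extension" for an additional output format.
    public function register(string $name, callable $strategy): void
    {
        $this->strategies[$name] = $strategy;
    }

    public function escape(string $value, string $strategy = 'html'): string
    {
        // Fail closed: an unknown context must never fall back to raw output.
        if (!isset($this->strategies[$strategy])) {
            throw new InvalidArgumentException("Unknown escape strategy: $strategy");
        }
        return ($this->strategies[$strategy])($value);
    }
}

$escaper = new Escaper();
$escaper->register('url', fn (string $v): string => rawurlencode($v));

$input = 'Tom & "Jerry" </script>'; // constructed sample value

echo $escaper->escape($input), "\n";         // HTML context (default)
echo $escaper->escape($input, 'js'), "\n";   // inline script context
echo $escaper->escape($input, 'url'), "\n";  // URL component context
```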
