On 11/26/10 8:04 AM, Henrik Bjornskov wrote:
Isnt it just $view->escape() since the escape method is on the Engine
itself and not a helper ?
Yes, that's what I did in the end.
Fabien
On Nov 23, 7:26 pm, Diego<dis...@gmail.com> wrote:
+1 for removing automatic escaping. We have had lots of issues with
this.
$view['escaper']->escape($var, 'html')
Is somewhat verbose (but what isn't in templates, anyway?), but I
think that is better to avoid following different patterns and start
adding style exceptions (Imagine the documentation: "In the case of
output escape helpers they are not view helpers but functions that
become available in the templates -or globally available-...").
The helper approach has the additional benefit of supporting many
escape strategies with the second parameter. It could let the user
define "escape extensions" to add custom output formats with the same
helper.
Maybe the escape extensions should have static methods so they can be
easily used out of the templating service and wrapped with global
functions if the user prefers a shortcut without the complexity of the
templating service. A use case like:
function eHtml($html) {
return \Symfony\Component\Templating\Helper\Escape
\Html::escape($html);
}
On Nov 21, 7:01 am, Fabien Potencier<fabien.potenc...@gmail.com>
wrote:
Thanks all for the feedback.
Here is what I propose to do:
* remove the Output Escaper component to a standalone repo on
Github (so that if someone want to take over the maintenance, that's
possible)
* remove all usage of the Output Escaper component in
FrameworkBundle
* add functions/methods to ease manual escaping
* update documentation to compare Twig/PHP features and emphasize
the pros and cons of each solution
Before I start, I need to know what kind of functions/methods we add
to ease manual escaping.
Do we add a helper?
$view['escaper']->escape($var, 'html')
That's the more "natural" thing to do but as you can see, this is
really verbose.
Do we add functions? If so, what's the difference with the standard
htmlentities/htmlspecialchars PHP functions?
Fabien
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to symfony-devs@googlegroups.com
To unsubscribe from this group, send email to
symfony-devs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
