Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:68948
Return-Path: <morrison.levi@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 40747 invoked from network); 7 Sep 2013 16:43:04 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Sep 2013 16:43:04 -0000
Authentication-Results: pb1.pair.com header.from=morrison.levi@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=morrison.levi@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.173 as permitted sender)
X-PHP-List-Original-Sender: morrison.levi@gmail.com
X-Host-Fingerprint: 209.85.214.173 mail-ob0-f173.google.com  
Received: from [209.85.214.173] ([209.85.214.173:47131] helo=mail-ob0-f173.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 59/3C-00660-7975B225 for <internals@lists.php.net>; Sat, 07 Sep 2013 12:43:04 -0400
Received: by mail-ob0-f173.google.com with SMTP id ta17so4574930obb.4
        for <internals@lists.php.net>; Sat, 07 Sep 2013 09:43:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=u0Qcg6GdJu8JMZy8WFajpP9OKlv7K8EzD36X9rNv3Qw=;
        b=DobXroI7o7zI57OAq/B87+sTMxOuU7/yLJmM0R4jMgm1sD90wkCibpniXrGWTXQ4kS
         ZiCbKK+Umx/kKUxgCuUA4ycJL/jbk/N3+UpuyO/qY21p2DZLrG8TYqufhxVWVE13aDu8
         WCETv72ykZGwDYkM1tmmNm7iawHiPsJV1hTziE5HSwdj0K6ZKd9Lhhr9SoMjVn+j5ix0
         WKa5yBI4UUP1eCC6kAKnFWdWXTF0HeO0CrMVm3VR+EFVmCWb0Db67PmbhPuX3miEXzdG
         yux9o9Hj2yYYpAhZg0LKT7UybJ7fOxMgglfTzrc71U2yNY4TJl8enX3tvjibMbMYIE1y
         bvNA==
MIME-Version: 1.0
X-Received: by 10.182.243.138 with SMTP id wy10mr5881287obc.83.1378572181487;
 Sat, 07 Sep 2013 09:43:01 -0700 (PDT)
Received: by 10.76.122.200 with HTTP; Sat, 7 Sep 2013 09:43:01 -0700 (PDT)
In-Reply-To: <op.w21u24l6c9evq2@nikita-pc>
References: <CAGa2bXaf0MefCj6s_MEbJmnSk8G+hvm5CMNyH_ODeRhSub5LRg@mail.gmail.com>
	<CAPwsocFgv2dNGo7+5KxayrSinvm8aieKvj-WcT21ACAPLMCBrg@mail.gmail.com>
	<CAGa2bXbptncHo5vNwuySvhj8hPLFg14u4jVu8tDptVKfN7S=3A@mail.gmail.com>
	<CAFMT4NrxFciCZL4ENdSCqRW3cYyWWKQFWMJRM+95FBkDXPaPkg@mail.gmail.com>
	<522B4F8D.2040107@mjburgess.co.uk>
	<op.w21u24l6c9evq2@nikita-pc>
Date: Sat, 7 Sep 2013 10:43:01 -0600
Message-ID: <CAFMT4Npvz8+PrSZQx=P375TSQLsCX7L=a3iYm6Kz_7rSLOiiJA@mail.gmail.com>
To: Nikita Nefedov <inefedor@gmail.com>
Cc: internals <internals@lists.php.net>, Michael John Burgess <michael@mjburgess.co.uk>
Content-Type: multipart/alternative; boundary=001a11c2a1202cc92604e5cdd9eb
Subject: Re: [PHP-DEV] [RFC] Escaping RFC for PHP Core - Updates?
From: morrison.levi@gmail.com (Levi Morrison)

--001a11c2a1202cc92604e5cdd9eb
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Sep 7, 2013 at 10:36 AM, Nikita Nefedov <inefedor@gmail.com> wrote:

> On Sat, 07 Sep 2013 20:08:45 +0400, Michael John Burgess <
> michael@mjburgess.co.uk> wrote:
>
>  On 07/09/2013 15:41, Levi Morrison wrote:
>>
>>> It looks nicer than Escaper::escapeJs(), Escaper::escapeHtml(), etc.
>>>>
>>>> Any comments?
>>>>
>>>
>>>
>>> Please, don't go down this route. You do not want one class to escape all
>>> kinds of data; delegate each type of escaping to its own class:
>>>
>>> JavaScriptEscaper->escape();
>>> PhpEscaper->escape();
>>> HtmlEscaper->escape();
>>> HtmlAttributeEscaper->escape()**;
>>>
>>> I should not have to defend this but I am willing to explain in more
>>> detail
>>> if someone would like me to.
>>>
>>>
>>
>> There doesnt need to be any object-oriented version for this problem.
>> It's a series of pure functions. Wraping them in one or more classes adds
>> nothing.
>>
>> Michael
>>
>>
> Hi,
>
> Wrapping those functions in methods means they can be extended in child
> classes. So suppose you have some library that takes object of type
> Spl_Escaper and uses its methods for escaping some data. Now if you will
> need some additional escaping you just need to make child class for
> Spl_Escaper and override methods which behavior you need to change. This
> can't be done with pure functions (in PHP).


You have a flawed understanding of good functional design. Instead of
directly calling the escaping function you would simply ask for a callable
and pass in the escaping function. Thus, you could use an alternative
escaping function at runtime.

The methods route is a poor choice. If we use classes at all, separate the
responsibility of each type of escaping to a separate class. Escaping JSON
and HTML code have little (possibly nothing) in common and do not belong in
the same class.

--001a11c2a1202cc92604e5cdd9eb--