Newsgroups: php.internals
Date: Sat, 7 Sep 2013 18:55:25 +0200
To: Levi Morrison
Cc: Nikita Nefedov, internals, Michael John Burgess
Subject: Re: [PHP-DEV] [RFC] Escaping RFC for PHP Core - Updates?
From: florinpatan@gmail.com (Florin Patan)

On Sat, Sep 7, 2013 at 6:43 PM, Levi Morrison wrote:
> On Sat, Sep 7, 2013 at 10:36 AM, Nikita Nefedov wrote:
>
>> On Sat, 07 Sep 2013 20:08:45 +0400, Michael John Burgess <
>> michael@mjburgess.co.uk> wrote:
>>
>> On 07/09/2013 15:41, Levi Morrison wrote:
>>>
>>>> It looks nicer than Escaper::escapeJs(), Escaper::escapeHtml(), etc.
>>>>>
>>>>> Any comments?
>>>>>
>>>>
>>>> Please, don't go down this route. You do not want one class to escape all
>>>> kinds of data; delegate each type of escaping to its own class:
>>>>
>>>> JavaScriptEscaper->escape();
>>>> PhpEscaper->escape();
>>>> HtmlEscaper->escape();
>>>> HtmlAttributeEscaper->escape();
>>>>
>>>> I should not have to defend this but I am willing to explain in more
>>>> detail if someone would like me to.
>>>>
>>>
>>> There doesn't need to be any object-oriented version for this problem.
>>> It's a series of pure functions. Wrapping them in one or more classes adds
>>> nothing.
>>>
>>> Michael
>>>
>> Hi,
>>
>> Wrapping those functions in methods means they can be extended in child
>> classes. So suppose you have some library that takes an object of type
>> Spl_Escaper and uses its methods for escaping some data. Now if you will
>> need some additional escaping you just need to make a child class for
>> Spl_Escaper and override the methods whose behavior you need to change. This
>> can't be done with pure functions (in PHP).
>
> You have a flawed understanding of good functional design. Instead of
> directly calling the escaping function you would simply ask for a callable
> and pass in the escaping function. Thus, you could use an alternative
> escaping function at runtime.
>
> The methods route is a poor choice. If we use classes at all, separate the
> responsibility of each type of escaping to a separate class. Escaping JSON
> and HTML code have little (possibly nothing) in common and do not belong in
> the same class.

How about allowing to register a custom escape function for each type
which can override the native one or the previous registered one?

There should be no way to restore a previous user registered function
but there should be a way to reset it to the internal php one.

That would solve the described problem as well as keeping it simple.

And having this as a class doesn't add anything imho, mainly due to
the point described above by Levi.

Kind regards
----
Florin Patan
https://github.com/dlsniper
http://www.linkedin.com/in/florinpatan
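
The registration scheme suggested in this message (one replaceable escape function per type, a reset to the internal one, no restore of an earlier user function), sketched in user-land PHP as an added example; it is not code from the RFC or from PHP core. Every function name (`escape`, `escape_register`, `escape_reset`, `escape_builtin`, `escape_overrides`) and the sample string are assumptions made for illustration.

```php
<?php
// Hypothetical API sketch: none of these functions exist in PHP core.

function escape_builtin($context)
{
    static $builtin = null;
    if ($builtin === null) {
        $builtin = [
            'html' => function ($s) {
                return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            },
            'js' => function ($s) {
                // JSON string literal with HTML-significant characters hex-escaped
                return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            },
        ];
    }
    if (!isset($builtin[$context])) {
        // Fail closed: an unknown context must never pass data through unescaped
        throw new InvalidArgumentException("Unknown escaping context: $context");
    }
    return $builtin[$context];
}

function &escape_overrides()
{
    static $overrides = []; // at most one user function per context
    return $overrides;
}

function escape_register($context, callable $fn)
{
    escape_builtin($context);            // rejects unknown contexts
    $overrides = &escape_overrides();
    $overrides[$context] = $fn;          // earlier user function is discarded, not stacked
}

function escape_reset($context)
{
    $overrides = &escape_overrides();
    unset($overrides[$context]);         // back to the built-in escaper
}

function escape($context, $value)
{
    $overrides = &escape_overrides();
    $fn = isset($overrides[$context]) ? $overrides[$context] : escape_builtin($context);
    return $fn((string) $value);
}

$sample = '<b title="a&b">Tom\'s</b>';   // constructed sample input
echo escape('html', $sample), "\n";      // built-in escaper
escape_register('html', function ($s) { return htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8'); });
echo escape('html', $sample), "\n";      // override leaves quotes unescaped
escape_reset('html');
echo escape('html', $sample), "\n";      // built-in behaviour again
```

Because the override is process-wide, a single `escape_register()` call changes the output of every later `escape()` call for that context, including calls made by libraries that expect the built-in behaviour.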