Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91814 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 96942 invoked from network); 21 Mar 2016 12:29:12 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 Mar 2016 12:29:12 -0000 Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.46 as permitted sender) X-PHP-List-Original-Sender: rowan.collins@gmail.com X-Host-Fingerprint: 74.125.82.46 mail-wm0-f46.google.com Received: from [74.125.82.46] ([74.125.82.46:38054] helo=mail-wm0-f46.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D9/C0-25142-719EFE65 for ; Mon, 21 Mar 2016 07:29:11 -0500 Received: by mail-wm0-f46.google.com with SMTP id l68so119816880wml.1 for ; Mon, 21 Mar 2016 05:29:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=897ON3wyth2tiSTc4aRO8bUSa5Z7zZpjfPbr+4v1QYk=; b=fx6qTcqfdeFbL4VosyjdyCBe6IbnLF1xt9KL5CxKlZTHeoxMI3aFlQT5gzdlEXHtzT a4euS6QuvTBcAcJZz5VTRZo/NI7a4jGNEweV5gf9ZjkN1+KTXkNCmtZ7k8sfzqFjcYJS Cbn6rhuIcGf0u0/ogtQoqzB8e+U2Gh03VD7JKVDqCDgJzjRoeOHv/BYVKGf3aJl12UB6 93UUolbOFDT/XRPcRsALWCS3yKQq3h6S6vqjdUsSotg+WwTKC8/XdAFEtQTLa0vdEOKA SZDPcWz+raCCcqmAEf7hxh7o7bqAv0HRnkI6BdhLzNFp6V6V2wuYJTsskZpf2+jsntQI 2QRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=897ON3wyth2tiSTc4aRO8bUSa5Z7zZpjfPbr+4v1QYk=; b=EvqS/lhKlu88YLQEbMkPUTX4U4c53Tf7ZZiR2t3Y+pOScvlyVglY3C7TrenW6LBW0j KsdThnCtJgWmy37W3e9cq4207j+bavMMepvzbXpe23AvgJvKCajyG4IgEuZgWiWU+QOv Fk6eoh2Pk87dNbgHveFkO2lbCAr/L0qvX9FaZKwC3/xRHgNwgDdpjQMTY6b06VV1THQr yq8n1o+WieukAHIdIhQD/boJWH4u0QugkrI/WqEdbZC6Zg2nxxs1oXwN0ofJnO5WFZj0 ehF6BAuCDl6UMjs2oIGLwE3rIdqq0xBk45aQ0+LjbaLEbvH6ixcS3oMSH9EhtXBDkE3g 1R4w== X-Gm-Message-State: AD7BkJIHWUYcuQ/YQfu3FX+35jyRMkMK96Cp8k3BXTtF4VjPCrQ6HRjXL3SH+v7BdHOFig== X-Received: by 10.194.250.103 with SMTP id zb7mr33341097wjc.65.1458563348876; Mon, 21 Mar 2016 05:29:08 -0700 (PDT) Received: from [192.168.0.82] ([93.188.182.58]) by smtp.googlemail.com with ESMTPSA id gt7sm25160046wjc.1.2016.03.21.05.29.07 for (version=TLSv1/SSLv3 cipher=OTHER); Mon, 21 Mar 2016 05:29:07 -0700 (PDT) To: internals@lists.php.net References: Message-ID: <56EFE897.3070804@gmail.com> Date: Mon, 21 Mar 2016 12:27:03 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] RFC about automatic template escaping From: rowan.collins@gmail.com (Rowan Collins) Daniel Beardsley wrote on 21/03/2016 06:35: > You are right. Though not all those problems are serious: > * URI escaping: > Does anyone really use or echo when generating a uri? > * Javascript: > Good point, though I would say it's fairly rare to create javascript > code using a php template with variables. The most we ever do > in our app is I've done both of these in the past (using Smarty, in my case); here's some example uses: Now, I'm not saying there aren't better ways of doing these things, but people absolutely do it like this, and a hook into something as fundamental as "echo" can't really rely on "it's quite rare" as an excuse for not accounting for them. Regards, -- Rowan Collins [IMSoP]