Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91837
Return-Path: <TonyMarston@hotmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 82010 invoked from network); 22 Mar 2016 09:27:38 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Mar 2016 09:27:38 -0000
X-Host-Fingerprint: 80.177.120.119 marston-home.demon.co.uk  
Received: from [80.177.120.119] ([80.177.120.119:2900] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B4/D3-46740-90011F65 for <internals@lists.php.net>; Tue, 22 Mar 2016 04:27:38 -0500
Message-ID: <B4.D3.46740.90011F65@pb1.pair.com>
To: internals@lists.php.net
References: <CACNm7o9-6z0rxAAxnWyUFhYU+YD-QnecWrJF-PQ=z+a9qNQ=EA@mail.gmail.com> <CAGa2bXbjNQXwVsFmGgFVUPCFV-t2Tye+xA3MDNpA_ydjvCQ3jA@mail.gmail.com> <CACNm7o9NNVFrgqeufBoDgyhE-eGQix6bZwq=XGVwsROSXVb5Ag@mail.gmail.com> <56EFE897.3070804@gmail.com>
In-Reply-To: <56EFE897.3070804@gmail.com>
Date: Tue, 22 Mar 2016 09:27:05 -0000
Lines: 1
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="utf-8";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Newsreader: Microsoft Windows Live Mail 16.4.3564.1216
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3564.1216
X-Posted-By: 80.177.120.119
Subject: Re: [PHP-DEV] RFC about automatic template escaping
From: TonyMarston@hotmail.com ("Tony Marston")

"Rowan Collins"  wrote in message news:56EFE897.3070804@gmail.com...
>
>Daniel Beardsley wrote on 21/03/2016 06:35:
>> You are right. Though not all those problems are serious:
>> * URI escaping:
>>    Does anyone really use <?= ?> or echo when generating a uri?
>> * Javascript:
>>    Good point, though I would say it's fairly rare to create javascript
>>    code using a php template with variables. The most we ever do
>>    in our app is  <?= json_encode($someArray) ?>
>
>I've done both of these in the past (using Smarty, in my case); here's some 
>example uses:
>
><a href="/products/<?= $product['category'] ?>/<?= $product['id'] ?>"><?= 
>$product['name'] ?></a>
>
><script>var debug_session_id = '<?= get_debug_session_id() ?>';</script>
>
>Now, I'm not saying there aren't better ways of doing these things, but 
>people absolutely do it like this, and a hook into something as fundamental 
>as "echo" can't really rely on "it's quite rare" as an excuse for not 
>accounting for them.
>
>Regards,

I think the whole idea of trying to execute some application logic after the 
data has been sent to the templating engine is wrong. I don't use Smarty but 
I do use XSLT as my templating engine. This means that I have to copy all 
the relevant data to an XML document before I perform the XSL 
transformation. There is no need for any application code to be executed in 
the transformation process simply because I executed that code BEFORE it was 
copied to the XML document.

You should try executing your application logic BEFORE you send your data to 
Smarty, then you won't have to bend the templating system to do something it 
was not designed to do.

-- 
Tony Marston