Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91837 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 82010 invoked from network); 22 Mar 2016 09:27:38 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Mar 2016 09:27:38 -0000 X-Host-Fingerprint: 80.177.120.119 marston-home.demon.co.uk Received: from [80.177.120.119] ([80.177.120.119:2900] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B4/D3-46740-90011F65 for ; Tue, 22 Mar 2016 04:27:38 -0500 Message-ID: To: internals@lists.php.net References: <56EFE897.3070804@gmail.com> In-Reply-To: <56EFE897.3070804@gmail.com> Date: Tue, 22 Mar 2016 09:27:05 -0000 Lines: 1 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Newsreader: Microsoft Windows Live Mail 16.4.3564.1216 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3564.1216 X-Posted-By: 80.177.120.119 Subject: Re: [PHP-DEV] RFC about automatic template escaping From: TonyMarston@hotmail.com ("Tony Marston") "Rowan Collins" wrote in message news:56EFE897.3070804@gmail.com... > >Daniel Beardsley wrote on 21/03/2016 06:35: >> You are right. Though not all those problems are serious: >> * URI escaping: >> Does anyone really use or echo when generating a uri? >> * Javascript: >> Good point, though I would say it's fairly rare to create javascript >> code using a php template with variables. The most we ever do >> in our app is > >I've done both of these in the past (using Smarty, in my case); here's some >example uses: > >$product['name'] ?> > > > >Now, I'm not saying there aren't better ways of doing these things, but >people absolutely do it like this, and a hook into something as fundamental >as "echo" can't really rely on "it's quite rare" as an excuse for not >accounting for them. > >Regards, I think the whole idea of trying to execute some application logic after the data has been sent to the templating engine is wrong. I don't use Smarty but I do use XSLT as my templating engine. This means that I have to copy all the relevant data to an XML document before I perform the XSL transformation. There is no need for any application code to be executed in the transformation process simply because I executed that code BEFORE it was copied to the XML document. You should try executing your application logic BEFORE you send your data to Smarty, then you won't have to bend the templating system to do something it was not designed to do. -- Tony Marston