Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91846 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8038 invoked from network); 22 Mar 2016 14:43:52 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Mar 2016 14:43:52 -0000 Authentication-Results: pb1.pair.com smtp.mail=colinodell@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=colinodell@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.50 as permitted sender) X-PHP-List-Original-Sender: colinodell@gmail.com X-Host-Fingerprint: 209.85.218.50 mail-oi0-f50.google.com Received: from [209.85.218.50] ([209.85.218.50:35882] helo=mail-oi0-f50.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A2/A7-46740-62A51F65 for ; Tue, 22 Mar 2016 09:43:50 -0500 Received: by mail-oi0-f50.google.com with SMTP id r187so177908653oih.3 for ; Tue, 22 Mar 2016 07:43:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=LAj6n7xQRIUVX1Hf5eKiusRc9m4rKyQwBvOG5guifbo=; b=TV/GvbB0zijYTVG9ZAJE1X4GQDuByUpcfGmafbVu2Ls1TcCpTV3swNnNT3jt7Vg05k FU8KZ2WHxdyIQqO1KwF/gHFExLWYiNxEsDKI0Lmbx89uRWZ2CcoNwxPAXKn1kXoGWIPA nmxZjwXUTt2MsXSGgehixk8+8ItXI1zhaVNq0rrrX9jtUjdREas8mO8yZLt4786NEtYb Dl/aunRSiGTT8ib13+tF3Q4gSuYOpcdNvXz+4kvMOEcvzyErQXZHXEFk7E9aa7hsv24m +HeF1XUQlaflhKgOBx9vZlc2pzbr6cFNDiQq6iOOG0CM5NL9ZRS+BMn1kUlI6+RJ+p/b INKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=LAj6n7xQRIUVX1Hf5eKiusRc9m4rKyQwBvOG5guifbo=; b=B/rhj0bvKEc8pi2C7rBa4Uy4GMxte5epIzU8mB9sFcDi6hFUf06L354NuTHmqGCjho e5S1yLTwC7f/+FL6hguAZqV1s9512LoHpJS6vB2NN0aPUKji8roCHzk6reVbByGxe6nH gA1ixT6JuUUKG5Q9NME2P9Amq9dKpKtCA71/RTX/vAArhXKvTHGjqRJenYDRU5j5kZ66 X7R94NiPF8nTSqMuv0H/rTF0dZm3cnDexF6EjwI8xzSD9zkl4HQdybiCrvDCuXX/ns2T W2c0ignZ/JDG9kDiVI30/EWv/UYWJBPu8FDsCb+xzGOmV1uC8UF++KzJHK06typTpgvs 2Okw== X-Gm-Message-State: AD7BkJK/mbDje4h3t/khgIEyqqbe3j62KYJ4kZzLqkieaJSyCkJoCQNueFE7E3xqck0ixkahH1evWYKRZ9YRvQ== X-Received: by 10.157.61.119 with SMTP id a110mr3308515otc.59.1458657827101; Tue, 22 Mar 2016 07:43:47 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Tue, 22 Mar 2016 14:43:37 +0000 Message-ID: To: =?UTF-8?Q?Jan_Tvrd=C3=ADk?= , internals@lists.php.net Content-Type: multipart/alternative; boundary=001a11c02514a22376052ea43d14 Subject: Re: [PHP-DEV] RFC about automatic template escaping From: colinodell@gmail.com ("Colin O'Dell") --001a11c02514a22376052ea43d14 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Daniel, This is a really interesting idea! However, I'm unsure whether it's wise to bring this feature in without having the community test and validate it first. Would it be possible to release this as an extension first so we can gauge its stability and desirability in "the real world"? As far as the implementation goes, one thing I don't like is the complexity involved to output unescaped HTML. I'd strongly prefer to do something like than having to instantiate a special class every time I need to output some raw HTML. Also, I know some templating systems (like Twig) allow you to specify different escaping strategies: http://twig.sensiolabs.org/doc/filters/escape.html Would this proposed feature have any similar functionality? Best regards, Colin On Tue, Mar 22, 2016 at 9:26 AM Jan Tvrd=C3=ADk wrote: > On Tue, 22 Mar 2016 14:01:09 +0100, Craig Duncan > wrote: > > >> > >> > >> Why do you assume that Latte parser is limited by regexp ability to > >> parse > >> HTML? > > > > > > Because it is: > > > https://github.com/nette/latte/blob/19b759b550caaad75ca0dee5f0d85f9ffb59c= 845/src/Latte/Parser.php#L124 > > No. That argument would only be valid, if the parser consisted only of a > single regexp. When you combine PHP code with PCRE you loose nothing from > PHP's turing completeness and it's ability to parse HTML. > > That being said I'm not claiming that Latte parser is 100 % correct HTML > parser (neither is most existing HTML parsers in the world). I'm saying > that it could be (to the extend of what's possible to statically analyze, > i.e. if editor could highlight the code properly). > > Regards, > Jan Tvrdik > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --001a11c02514a22376052ea43d14--