Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:91846
Return-Path: <colinodell@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 8038 invoked from network); 22 Mar 2016 14:43:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Mar 2016 14:43:52 -0000
Authentication-Results: pb1.pair.com smtp.mail=colinodell@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=colinodell@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.50 as permitted sender)
X-PHP-List-Original-Sender: colinodell@gmail.com
X-Host-Fingerprint: 209.85.218.50 mail-oi0-f50.google.com  
Received: from [209.85.218.50] ([209.85.218.50:35882] helo=mail-oi0-f50.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A2/A7-46740-62A51F65 for <internals@lists.php.net>; Tue, 22 Mar 2016 09:43:50 -0500
Received: by mail-oi0-f50.google.com with SMTP id r187so177908653oih.3
        for <internals@lists.php.net>; Tue, 22 Mar 2016 07:43:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=LAj6n7xQRIUVX1Hf5eKiusRc9m4rKyQwBvOG5guifbo=;
        b=TV/GvbB0zijYTVG9ZAJE1X4GQDuByUpcfGmafbVu2Ls1TcCpTV3swNnNT3jt7Vg05k
         FU8KZ2WHxdyIQqO1KwF/gHFExLWYiNxEsDKI0Lmbx89uRWZ2CcoNwxPAXKn1kXoGWIPA
         nmxZjwXUTt2MsXSGgehixk8+8ItXI1zhaVNq0rrrX9jtUjdREas8mO8yZLt4786NEtYb
         Dl/aunRSiGTT8ib13+tF3Q4gSuYOpcdNvXz+4kvMOEcvzyErQXZHXEFk7E9aa7hsv24m
         +HeF1XUQlaflhKgOBx9vZlc2pzbr6cFNDiQq6iOOG0CM5NL9ZRS+BMn1kUlI6+RJ+p/b
         INKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=LAj6n7xQRIUVX1Hf5eKiusRc9m4rKyQwBvOG5guifbo=;
        b=B/rhj0bvKEc8pi2C7rBa4Uy4GMxte5epIzU8mB9sFcDi6hFUf06L354NuTHmqGCjho
         e5S1yLTwC7f/+FL6hguAZqV1s9512LoHpJS6vB2NN0aPUKji8roCHzk6reVbByGxe6nH
         gA1ixT6JuUUKG5Q9NME2P9Amq9dKpKtCA71/RTX/vAArhXKvTHGjqRJenYDRU5j5kZ66
         X7R94NiPF8nTSqMuv0H/rTF0dZm3cnDexF6EjwI8xzSD9zkl4HQdybiCrvDCuXX/ns2T
         W2c0ignZ/JDG9kDiVI30/EWv/UYWJBPu8FDsCb+xzGOmV1uC8UF++KzJHK06typTpgvs
         2Okw==
X-Gm-Message-State: AD7BkJK/mbDje4h3t/khgIEyqqbe3j62KYJ4kZzLqkieaJSyCkJoCQNueFE7E3xqck0ixkahH1evWYKRZ9YRvQ==
X-Received: by 10.157.61.119 with SMTP id a110mr3308515otc.59.1458657827101;
 Tue, 22 Mar 2016 07:43:47 -0700 (PDT)
MIME-Version: 1.0
References: <CACNm7o9-6z0rxAAxnWyUFhYU+YD-QnecWrJF-PQ=z+a9qNQ=EA@mail.gmail.com>
 <CAGa2bXbjNQXwVsFmGgFVUPCFV-t2Tye+xA3MDNpA_ydjvCQ3jA@mail.gmail.com>
 <CACNm7o9NNVFrgqeufBoDgyhE-eGQix6bZwq=XGVwsROSXVb5Ag@mail.gmail.com>
 <op.yep7fksgzsg2np@hnb2> <CADyq6s+=DtuqVghNpXVT9t4rgLFp4tM3KGqv4ki+ZFwKiVzeEg@mail.gmail.com>
 <op.yep74rkmzsg2np@hnb2> <CAHE1Edtn_cQuUUMEt5zgj6Y-UaKSB0u8A5WNXm=+m_F2-N9-3A@mail.gmail.com>
 <op.yep98qw9zsg2np@hnb2>
In-Reply-To: <op.yep98qw9zsg2np@hnb2>
Date: Tue, 22 Mar 2016 14:43:37 +0000
Message-ID: <CAJaRsPtCNNLAy48LmGpy7jxAwMiWcwBpfJxkX7KosycLvCPV-A@mail.gmail.com>
To: =?UTF-8?Q?Jan_Tvrd=C3=ADk?= <j.tvr@centrum.cz>, internals@lists.php.net
Content-Type: multipart/alternative; boundary=001a11c02514a22376052ea43d14
Subject: Re: [PHP-DEV] RFC about automatic template escaping
From: colinodell@gmail.com ("Colin O'Dell")

--001a11c02514a22376052ea43d14
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Daniel,

This is a really interesting idea!  However, I'm unsure whether it's wise
to bring this feature in without having the community test and validate it
first.  Would it be possible to release this as an extension first so we
can gauge its stability and desirability in "the real world"?

As far as the implementation goes, one thing I don't like is the complexity
involved to output unescaped HTML.  I'd strongly prefer to do something
like <?=3Draw($someVariable) ?> than having to instantiate a special class
every time I need to output some raw HTML.

Also, I know some templating systems (like Twig) allow you to specify
different escaping strategies:
http://twig.sensiolabs.org/doc/filters/escape.html  Would this proposed
feature have any similar functionality?

Best regards,

Colin

On Tue, Mar 22, 2016 at 9:26 AM Jan Tvrd=C3=ADk <j.tvr@centrum.cz> wrote:

> On Tue, 22 Mar 2016 14:01:09 +0100, Craig Duncan <php@duncanc.co.uk>
> wrote:
>
> >>
> >>
> >> Why do you assume that Latte parser is limited by regexp ability to
> >> parse
> >> HTML?
> >
> >
> > Because it is:
> >
> https://github.com/nette/latte/blob/19b759b550caaad75ca0dee5f0d85f9ffb59c=
845/src/Latte/Parser.php#L124
>
> No. That argument would only be valid, if the parser consisted only of a
> single regexp. When you combine PHP code with PCRE you loose nothing from
> PHP's turing completeness and it's ability to parse HTML.
>
> That being said I'm not claiming that Latte parser is 100 % correct HTML
> parser (neither is most existing HTML parsers in the world). I'm saying
> that it could be (to the extend of what's possible to statically analyze,
> i.e. if editor could highlight the code properly).
>
> Regards,
> Jan Tvrdik
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--001a11c02514a22376052ea43d14--