Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94094
Return-Path: <me@kelunik.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 96587 invoked from network); 17 Jun 2016 20:32:01 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jun 2016 20:32:01 -0000
Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.216 cause and error)
X-PHP-List-Original-Sender: me@kelunik.com
X-Host-Fingerprint: 81.169.146.216 mo4-p00-ob.smtp.rzone.de  
Received: from [81.169.146.216] ([81.169.146.216:17474] helo=mo4-p00-ob.smtp.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 2C/3D-18862-F3E54675 for <internals@lists.php.net>; Fri, 17 Jun 2016 16:32:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1466195516; l=4772;
	s=domk; d=kelunik.com;
	h=Content-Type:To:Subject:Date:From:In-Reply-To:References:
	MIME-Version;
	bh=myq4zlnHQM3TfgHGHOCMNvL6xm+mhwn7lIiX78iVw4Y=;
	b=QX1neKrAOxpirOqs2NNtFFmtg+Kx863eTrqMlje+9gWp5qa9+1/+OlKBSAyiB2btlTs
	wmMXJn28cICXCWRlGDGgcGT9ZPFhgrc6F7BmA1i/iRNrZsJn6yJqkJncNp9eJxO8essG+
	6lNQITOueBv+ywYjj9R5+ZZC/7MnG34VK7M=
X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtO3c6
X-RZG-CLASS-ID: mo00
Received: from mail-wm0-f44.google.com ([74.125.82.44])
	by smtp.strato.de (RZmta 38.6 AUTH)
	with ESMTPSA id J0664cs5HKVtETe
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA))
	(Client did not present a certificate)
	for <internals@lists.php.net>;
	Fri, 17 Jun 2016 22:31:55 +0200 (CEST)
Received: by mail-wm0-f44.google.com with SMTP id f126so2708064wma.1
        for <internals@lists.php.net>; Fri, 17 Jun 2016 13:31:55 -0700 (PDT)
X-Gm-Message-State: ALyK8tKMNRXHpxmgQ1W9r+TsFFDJZ3hpMovQbns8EBjDGHDEYcvw9IyfccKOSwRzjGaKgDhUUHbPId1YqJScJA==
X-Received: by 10.28.20.139 with SMTP id 133mr293997wmu.19.1466195515630; Fri,
 17 Jun 2016 13:31:55 -0700 (PDT)
MIME-Version: 1.0
References: <CAEDdnaX_KbaZB=3WzFAp73E0dCxx5zuoqMbPbakMUGpHyRPJFg@mail.gmail.com>
In-Reply-To: <CAEDdnaX_KbaZB=3WzFAp73E0dCxx5zuoqMbPbakMUGpHyRPJFg@mail.gmail.com>
Date: Fri, 17 Jun 2016 20:31:46 +0000
X-Gmail-Original-Message-ID: <CANUQDChTNwfQ9e+Y8UCtKA+vdf4Fb28P_zS4bRz2f2Nqv9QmkA@mail.gmail.com>
Message-ID: <CANUQDChTNwfQ9e+Y8UCtKA+vdf4Fb28P_zS4bRz2f2Nqv9QmkA@mail.gmail.com>
To: =?UTF-8?B?0JzQuNGF0LDQuNC7INCS0L7RgdGC0YDQuNC60L7Qsg==?= <michael.vostrikov@gmail.com>, 
	internals@lists.php.net
Content-Type: multipart/alternative; boundary=001a1145b52ce1730d05357f3e36
Subject: Re: [PHP-DEV] New escaped output operator
From: me@kelunik.com (Niklas Keller)

--001a1145b52ce1730d05357f3e36
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

the issue is that things have to be escaped dependent on the context. If
you are in a HTML context you need different escaping than you need in a
CSS or JS block. The escaping should also be aware of the content encoding.
All that makes it difficult for PHP to directly support such an operator.

You can always alias "e" or something like that to be your default escape
function.

Regards, Niklas

=D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB =D0=92=D0=BE=D1=81=D1=82=D1=80=D0=B8=
=D0=BA=D0=BE=D0=B2 <michael.vostrikov@gmail.com> schrieb am Fr., 17. Juni
2016, 21:29:

> Hello. I was thinking about a presence of escaped output operator in PHP
> and found this feature request: https://bugs.php.net/bug.php?id=3D62574. =
I
> think this is quite necessary feature. There are a lot of projects which =
is
> written without templating engine, and there are frameworks without
> built-in templating engine by default. All this projects require to write
> the code. Usually it is rather simple to switch to new version of languag=
e,
> but it is almost impossible to switch many and many templates on a
> templating engine.
>
> Most of output code is an output of properties of database entities, and
> only in some cases it's needed to concatenate HTML into string and then
> print it with unescaped output. Escaped output operator can be useful. Al=
so
> we output data not into the void and not into simple text file, but into
> HTML-document which has a certain format (markup). Also this is logical -
> to have both forms, escaped and unescaped.
>
> I want to suggest the operator "<?~ $str ?>", which will automatically wr=
ap
> output in htmlspecialchars(). It is mentioned in the feature request abov=
e.
> It is quite easy to type, and there is a small possibility to write "<?=
=3D
> ?>" instead.
>
> In PHP 7 there are new operators and other changes. I think, new echo
> operator also can be added. I can implement it myself.
>

--001a1145b52ce1730d05357f3e36--