Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94097 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 4453 invoked from network); 17 Jun 2016 22:20:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Jun 2016 22:20:55 -0000 Authentication-Results: pb1.pair.com smtp.mail=walterp@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=walterp@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.50 as permitted sender) X-PHP-List-Original-Sender: walterp@gmail.com X-Host-Fingerprint: 209.85.213.50 mail-vk0-f50.google.com Received: from [209.85.213.50] ([209.85.213.50:36134] helo=mail-vk0-f50.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B8/6E-18862-6C774675 for ; Fri, 17 Jun 2016 18:20:54 -0400 Received: by mail-vk0-f50.google.com with SMTP id u64so133329595vkf.3 for ; Fri, 17 Jun 2016 15:20:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Cu2bbm5N2hQNur0zVgH18xmDvtkc3c+yzyGs199qh7Q=; b=UNJf3kSlotvdz+owBOWyvOI5kSkE+ULr/hMXD2/YWLZnKYwimPB76jJVNkMhA3dwZm +pIL1299FhRln7+AG2PLsV3bYP30tOUe51Wz3RA+Wz1vlGOcXDTLkc4ue7pJb3IZfzND CgO/aHnM40XbrXtBZ1dLC77JbsYym/NJOrih98unHT1rVPuQqmezP6YRvGadHN6B6Brw BeLLfPJtqrhBknTcJ8TuAFSRWQ0UVk6hYf0O2XP71UnT2U9uqZtKTmbVffBHWWno+Emk GLZQhD8VGYK7yXsJZyllpE3tHJbEA6PUle2smqbz5VrWxFW9f8IrqT9lImF+MJRxyc3g cZUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Cu2bbm5N2hQNur0zVgH18xmDvtkc3c+yzyGs199qh7Q=; b=l3yjpQc2ln7POQE4AgovLt7Qp/vffxDUPiLVtC6/5TUiIKhCYC3lkGPfgqoX1zdrHf Y6sBjXk6/ZX+epZPukUjHPJnokuxl3mscgfq67S3JhVswpkh3Y8VFV3miCaj3pyEFE7x /ifU9qsMUagYoPM2lZQ00Z/AcKz7glcbokMrw5MCID42Tjv7M0ny6fI6lEQGgG9TDZZO vIsMs9uXggTsHFn43HG+d5E8kTAcyKLvtcB/LQMoapvFhpky0OeIKuGoPbBqHJagazqo PrimFrMAsq9mRI62t7N5cDKLrWjdw6KulctBroMqkmpSQrkPMb6eF3jISWnYe5C7uKhd W6dg== X-Gm-Message-State: ALyK8tJ0XlyKo/PMJuwp1MAHP2eCKQL1n6UoE7kWJ7vg0PpoFgEOtci7ofcOmsCQxIzExD07qQMFCdzSGPNEpg== X-Received: by 10.176.5.33 with SMTP id 30mr1613050uax.156.1466202051576; Fri, 17 Jun 2016 15:20:51 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.108.135 with HTTP; Fri, 17 Jun 2016 15:20:50 -0700 (PDT) In-Reply-To: <20160617203734.8BEB11A80C02@dd1730.kasserver.com> References: <20160617203734.8BEB11A80C02@dd1730.kasserver.com> Date: Fri, 17 Jun 2016 15:20:50 -0700 Message-ID: To: Thomas Bley Cc: michael.vostrikov@gmail.com, PHP Internals , me@kelunik.com Content-Type: multipart/alternative; boundary=94eb2c125464740b59053580c473 Subject: Re: [PHP-DEV] New escaped output operator From: walterp@gmail.com (Walter Parker) --94eb2c125464740b59053580c473 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thomas, are you actually reading and understanding what the others are saying? You seem to be answering questions that have not been asked or giving the simple, easy and wrong answer. Walter On Fri, Jun 17, 2016 at 1:37 PM, Thomas Bley wrote: > using the default encoding from php.ini's default_charset should be no > problem, htmlspecialchars() already does it if the encoding parameter is > not provided. > > Regards > Thomas > > Niklas Keller wrote on 17.06.2016 22:31: > > > Hi, > > > > the issue is that things have to be escaped dependent on the context. I= f > > you are in a HTML context you need different escaping than you need in = a > > CSS or JS block. The escaping should also be aware of the content > encoding. > > All that makes it difficult for PHP to directly support such an operato= r. > > > > You can always alias "e" or something like that to be your default esca= pe > > function. > > > > Regards, Niklas > > > > =D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB =D0=92=D0=BE=D1=81=D1=82=D1=80=D0= =B8=D0=BA=D0=BE=D0=B2 schrieb am Fr., > > 17. Juni > > 2016, 21:29: > > > >> Hello. I was thinking about a presence of escaped output operator in P= HP > >> and found this feature request: https://bugs.php.net/bug.php?id=3D6257= 4. > I > >> think this is quite necessary feature. There are a lot of projects > which is > >> written without templating engine, and there are frameworks without > >> built-in templating engine by default. All this projects require to > write > >> the code. Usually it is rather simple to switch to new version of > language, > >> but it is almost impossible to switch many and many templates on a > >> templating engine. > >> > >> Most of output code is an output of properties of database entities, a= nd > >> only in some cases it's needed to concatenate HTML into string and the= n > >> print it with unescaped output. Escaped output operator can be useful. > Also > >> we output data not into the void and not into simple text file, but in= to > >> HTML-document which has a certain format (markup). Also this is logica= l > - > >> to have both forms, escaped and unescaped. > >> > >> I want to suggest the operator "", which will automatically > wrap > >> output in htmlspecialchars(). It is mentioned in the feature request > above. > >> It is quite easy to type, and there is a small possibility to write "<= ?=3D > >> ?>" instead. > >> > >> In PHP 7 there are new operators and other changes. I think, new echo > >> operator also can be added. I can implement it myself. > >> > > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --=20 The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandei= s --94eb2c125464740b59053580c473--