Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94569 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 9988 invoked from network); 18 Jul 2016 21:16:29 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Jul 2016 21:16:29 -0000 Authentication-Results: pb1.pair.com smtp.mail=marcio.web2@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=marcio.web2@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.182 as permitted sender) X-PHP-List-Original-Sender: marcio.web2@gmail.com X-Host-Fingerprint: 209.85.161.182 mail-yw0-f182.google.com Received: from [209.85.161.182] ([209.85.161.182:33369] helo=mail-yw0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 23/49-52781-C274D875 for ; Mon, 18 Jul 2016 17:16:28 -0400 Received: by mail-yw0-f182.google.com with SMTP id r9so22042714ywg.0 for ; Mon, 18 Jul 2016 14:16:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=wQEiiDJE2si+q8aI6hkE/fECwW7SUrTCqzhAV7WXZiw=; b=kLKl8l82xvjCgELtyNhkuP3vcGwfkyN7gB9OVc2oSZ8fc1G9k8FYFESMA/sIQKzbi0 ZNgtVX61ngbhANSmIy/V9Hgn3jhnFTxFCLBfCRMq1XZLeFBKU0m1ujzkhUDr5ZGtrruX uOcSdTZSeCe4IehEMkgcDKTABnWyhiRdO//29GXnAdeS7kuppce5th78y7NrXZ4fxvgJ 1I2wJPAsW51UCKJTlLcQcV7rMlimCyBP1C64372vjJ0QQXGkzyIrD+8paiHZve/IYbJQ KgxSsDRUlCwiJDK6C1MZaHPEp9Y8oUbbC9uXrjNrXwkDOO/lPQ3FR45Ci5jH8e8HI7ZV NGxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=wQEiiDJE2si+q8aI6hkE/fECwW7SUrTCqzhAV7WXZiw=; b=FSca5Ets1mzvKXlIhBSgYQg/VlI9e/z0657DzwKsWed7bu1uMMabbdW1JFMIg/voHt WZD7p6wvm6aHR1ORnXd/HeaUqgdckTk4fzcdC7FwL8Fl5NqQYwn/na62O5X1VLitdRvo eas1eQ+7di3IMBB22a7XOTQod+DanPE6ySft0C9MvVp9PGy7dBsi0YttaRQLrVPah+G8 xA82Z6Zj5XBWTuHhFo+Z4KGZQ6dC5dlkV1PAlhksUIg2YJ4b5hNDxWoypXocbA9cfooY a0cXI9D58ZP2YMJM63whAdDnsEEH27VNvuq/JxqogOj41bhWGSPPrRTGQVgSNx+LM1m+ LAWg== X-Gm-Message-State: ALyK8tJMXTyMTWFxfYHPq4nay24zcAYBlYsnHAChrTg8Y1fMdcKkaCN9EEvJNYP62J6sgeBUWukfakmhSZW9xQ== X-Received: by 10.129.178.72 with SMTP id q69mr24637997ywh.77.1468876585715; Mon, 18 Jul 2016 14:16:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.37.63.5 with HTTP; Mon, 18 Jul 2016 14:16:06 -0700 (PDT) In-Reply-To: References: Date: Mon, 18 Jul 2016 17:16:06 -0400 Message-ID: To: Rasmus Schultz Cc: Michael Vostrikov , PHP Internals Content-Type: multipart/alternative; boundary=94eb2c1464b41c4d730537ef7b24 Subject: Re: [PHP-DEV] [RFC] New operator for context-dependent escaping From: marcio.web2@gmail.com (Marcio Almada) --94eb2c1464b41c4d730537ef7b24 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable 2016-07-18 16:03 GMT-04:00 Rasmus Schultz : > > Registry of functions - is exactly how escaping is performed in Symfony > and Twig. > > For one, that does not mean it's a good idea. > > For another, the registry in Symfony (at least, I don't know about Twig) = is > inside an instance - it's not global state. > > Do you get my point that a reference to a closure is state? And if it's > global state, that's extremely bad - the entire PHP community is fighting > like hell to avoid that, with PSR-7 and layers of abstraction on top of, > well, everything, in order to make code testable. > > Catering to different skill levels is no excuse. > > Just a small rant on the global state discussion. Even though the API for *_exception_handler() and *_exception_handler() manage global state, this is not the biggest of the issues if we are talking about language level hooks. If there is something that should be allowed to manage global state by design is the programming language you're working on (when you declare a function foo(){}, you're creating state somewhere). The point is that it should be possible to manage the global state with as much isolation as possible. So code like the following should be possible: class MyTemplatingEngineRender { function render(Template $template, array $data) { $old_handlers =3D set_escape_handlers(['html' =3D> $this->htmlEscap= er, 'xml' =3D> $this->xmlEscaper, 'js' =3D> $this->jsEscaper]); // logic to render the templates and get the output set_escape_handlers($old_handlers); // OR restore_escape_handlers(); // return the rendered template ready for response } } Not defending that we should add global state as a first option for every issue, but sometimes it's just not avoidable. For this RFC in specific, it seems doable. > HTML escaping is, yes, a very pragmatic task - it's also solved already, > with htmlspecialchars() ... the main problem you appear to be solving, is > that htmlspecialchars() is too long and ugly and inconvenient, which, oka= y, > it is - but adding a global registry for that is overkill, and the whole > problem would go away if you could simply autoload functions: > >

> > Agree with that, making functions easier to use seems more appealing to me. Cheers, M=C3=A1rcio. --94eb2c1464b41c4d730537ef7b24--