Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94577 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 39305 invoked from network); 19 Jul 2016 05:46:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Jul 2016 05:46:55 -0000 Authentication-Results: pb1.pair.com header.from=michael.vostrikov@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=michael.vostrikov@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.169 as permitted sender) X-PHP-List-Original-Sender: michael.vostrikov@gmail.com X-Host-Fingerprint: 209.85.220.169 mail-qk0-f169.google.com Received: from [209.85.220.169] ([209.85.220.169:36426] helo=mail-qk0-f169.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id CC/6D-52781-ECEBD875 for ; Tue, 19 Jul 2016 01:46:54 -0400 Received: by mail-qk0-f169.google.com with SMTP id x1so6879169qkb.3 for ; Mon, 18 Jul 2016 22:46:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=vMX4PnCsfQFUPBAGb4MGwJJqHqFOpLR8vsGl/uDQc2I=; b=o4BFzbBGTZ0yb1yOF+RPz2lzC+eupe05ORsCLFNimbPgHX0rddk4UZaE8T+IXj07t0 r88z/DZNMoGS00ljhPtKlglsCjLP2q9P2VqrotSCa8oC7fXbnVV6BSRJTR44z8d8FTx3 ozKuJX6dSJRnTCmmvNznu9B2m4Z2JGZ3bch038yrTxlzkLP//j6BUpzyuPMPOKNNVqHF 3pBz1vvZIwxiO98q18HEnC3TEwMgtwrOPrVKuVQvLuaZQ2VTLh6UMRgNBaHwDgCPwRTQ SllDJuobWP4V70gUg6dTBHLVyFbtdKDObzenrFvQvkySOmchB5ST+5gEQBadLBvsTvpw IuOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=vMX4PnCsfQFUPBAGb4MGwJJqHqFOpLR8vsGl/uDQc2I=; b=ASfSB57jXsCAX3Nmjairn00JFIkXH7dRxgKxZonrSCxrAvuhCxjAy7ZRhupojZ/NQ8 ntpm8bodOxXRzf3RvuMgXjTD//IJG+zGsVN78KJBdfIv9UOOubn7d9f2MHNG2RPG44jY yWdlxzu47Vuw0kOjV2/gH5LJLFw0NJ7Mxq439CCi81zEGQOcWWYtlHTbwb07jbg7YSrn kqp+XbELiGVllje5txMzzSQt5hI+7u1YyB0ON2GkJAA3LS5AYknKCQ3XiqTZaZztghT0 1+mbwAem8gVxybMMfYchGNnUkdUkxz6Q9hRY8pC9MYJ0TOrTm4T9wOkyZH/Tc9Hf8g5q BCDA== X-Gm-Message-State: ALyK8tIVZ4MCGfXwUYf/BrttldE4pFAg3INeTUPzGYzeMiQkmUulhUi4lnjANgKDtmzp4OhdoQ4LDN696rS35Q== X-Received: by 10.55.176.130 with SMTP id z124mr50926641qke.55.1468907210989; Mon, 18 Jul 2016 22:46:50 -0700 (PDT) MIME-Version: 1.0 Received: by 10.55.189.135 with HTTP; Mon, 18 Jul 2016 22:46:50 -0700 (PDT) In-Reply-To: References: Date: Tue, 19 Jul 2016 10:46:50 +0500 Message-ID: To: PHP Internals Content-Type: multipart/alternative; boundary=94eb2c06fb2e84e53b0537f69c6e Subject: Re: [PHP-DEV] [RFC] New operator for context-dependent escaping From: michael.vostrikov@gmail.com (Michael Vostrikov) --94eb2c06fb2e84e53b0537f69c6e Content-Type: text/plain; charset=UTF-8 Rasmus > Do you get my point that a reference to a closure is state? And if it's global state, that's extremely bad - the entire PHP community is fighting like hell to avoid that, with PSR-7 and layers of abstraction on top of, well, everything, in order to make code testable. What is the difference with autoload stask? This is global state too. > the main problem you appear to be solving, is that htmlspecialchars() is too long and ugly and inconvenient, Sorry, this IS NOT main problem. I repeated this many times, in discussion and in RFC. > the registry in Symfony (at least, I don't know about Twig) is inside an instance - it's not global state. You can use your own implementation of PHP escaper, without a registry. > so the caller knows precisely what the result it, because only the caller can know the context and intent. The caller can use its own implementation. PHPEscaper is just default implementation for those who don't want to care about it. Dan > But then there is no way to restore the previous handler. Why? You can get a callable value from getHandlers() and store it into variable. Escaping does not require a stack like SPL autoload. We don't need to encode an apostrophe as '#039' and as 'apos' in different parts of template. If we need to preapre e.g. some XML template, we can 'use MyXMLEscaper as PHPEscaper' and implement there any encoding we need. > Stuff that is added to the core needs to cover all use-cases, not just the typical ones. What is such use case, could you give some example? And yes, it is possible to write own implementation, with stack. > Then please copy the set_error_handler behaviour set_error_handler is invented for, hm, error handling. As I think. the use case for escaping handlers is "if there is no handler for 'js', define this handler". So, with a behavior like set_error_handler(), registerHandler() will just overwrite existing handler, and we will have to check existsing handlers before a call of registerHandler(), instead of just to check returned result. Ok, I will change this behavior. Rasmus and Marcio >> adding a global registry for that is overkill, and the whole >> problem would go away if you could simply autoload functions: >>

> Agree with that, making functions easier to use seems more appealing to me. Why do you talking about autoloading? We can now define a global function h() which will call any function we want. For escaping this is not a problem, unlike a big set of functions from some namespace (e.g. like specific math functions). So, function autoloading is another problem. Advice about global function which was written in 2002 here https://bugs.php.net/bug.php?id=16007. But the problem with HTML escaping is still present. --94eb2c06fb2e84e53b0537f69c6e--