Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94637 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 24927 invoked from network); 22 Jul 2016 17:13:05 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Jul 2016 17:13:05 -0000 Authentication-Results: pb1.pair.com smtp.mail=michael.vostrikov@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=michael.vostrikov@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.193 as permitted sender) X-PHP-List-Original-Sender: michael.vostrikov@gmail.com X-Host-Fingerprint: 209.85.216.193 mail-qt0-f193.google.com Received: from [209.85.216.193] ([209.85.216.193:35848] helo=mail-qt0-f193.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 9E/C6-24343-E1452975 for ; Fri, 22 Jul 2016 13:13:04 -0400 Received: by mail-qt0-f193.google.com with SMTP id u25so5473098qtb.3 for ; Fri, 22 Jul 2016 10:13:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:cc; bh=1fL3y3nWklVNDis4OGYwGq110TAd7iY84En7/DyPTDc=; b=ufNqUTySiBpnQTtuspoKJYa+CV0sbyiG9ANxbFHT45jhYtin2BWOsQJJRG7oXbigTA TqqNDGfAsP48IKP612Hi41MzJ2GtXHSYWIc4pouaoQoBxOUS9FUa76TZoyAZz9dheWQO vRcdtDCKfkq1VGVR/JkgpMqfh3PTO5hOAW1ZsNEqI9yrWdLJAhoK44pAnDiJ1RejCNkM pVPZcGYKkKdyLmxTaCgk5+4Dpag9qKiaQ2rUFkmIbtuoMIqeeJTN7vDmhNhg3CJCzy9Z xWyB4zDk0xgsJZ9kh+ALa7dm8MllGj0ms9iw9vcMUrIVZw65NPJE8Ir4d9wMsRWFaXT2 RZ2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:cc; bh=1fL3y3nWklVNDis4OGYwGq110TAd7iY84En7/DyPTDc=; b=eXovCGoMDUDTrFy/iWU+/bhRiAYzaolPnQ8N+uM077oEBXlamVpSc3hVR11+ZAN5b1 H+6c6NLACXZNropqV/yplB14gN9Zvve+3Xpm8mfwo7kBnKmueEmPaJfHLEzeCWm0vOBY iRHiAYyc040u+SHZFKO9981rA2hf1ogsrKjdBvd9VYSJ1JKLkTbTxpSXtv4mZV74tx/S Y3VPuGp8E6+vBzhAtTRtVpe17Te9Ddcm/H+Dddyy88zRrUe4GmhUprnnwbz/yujhldUn hT7FadxAHjBwNB8aRWNUYHZ4QuTuUpBuHiaP4Khka94wLJ+t1Co05cwuy1Aaj7HrSdYs XqJw== X-Gm-Message-State: AEkooushad9klqhoWCwgD6+p65zwpuN47RykFC/mbPtPPvU6k8AivOtsP/ieiIbMVAuP01kgIWUlTY39qRn/pA== X-Received: by 10.237.36.38 with SMTP id r35mr7911698qtc.3.1469207579877; Fri, 22 Jul 2016 10:12:59 -0700 (PDT) MIME-Version: 1.0 Received: by 10.55.189.135 with HTTP; Fri, 22 Jul 2016 10:12:58 -0700 (PDT) In-Reply-To: References: <8a39df34-4a23-c496-15f6-20a62d27fc59@gmail.com> Date: Fri, 22 Jul 2016 22:12:58 +0500 Message-ID: Cc: PHP Internals Content-Type: multipart/alternative; boundary=001a113d3aace6706105383c8b2c Subject: Re: [PHP-DEV] [RFC] New operator for context-dependent escaping From: michael.vostrikov@gmail.com (Michael Vostrikov) --001a113d3aace6706105383c8b2c Content-Type: text/plain; charset=UTF-8 > I'm conflicted with this one. For you php "More than 90% of output data - is data from DB and must be HTML-encoded." > I have no idea how you came with this, even with applications or websites I'm working on not using a template engine this is far from the truth. > especially now that more ans more web application are consuming json API, the backend often produce mostly json & xml. This is from my experience and from the poll. 35% + 23% people work 'with the projects with template rendering on PHP where template engines are not used' always or quite often. And in such applications there are many constructions like property) ?>, except values with HTML or constructions like , which is quite rare case. Also, HTML escaping can be used in XML templates. Of course, for JSON API this operator is useless, as well as for applications with template engine. > I don't think "json" escaping should produce an array JSON is object notation. This is unclear why I wrote 'b'], 'json' ?>, but don't get this value encoded in JSON. But you are right, if array is casted to string, this is escaping. --001a113d3aace6706105383c8b2c--