Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94681 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 19519 invoked from network); 24 Jul 2016 16:26:23 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Jul 2016 16:26:23 -0000 Authentication-Results: pb1.pair.com header.from=mails@thomasbley.de; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=mails@thomasbley.de; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain thomasbley.de from 85.13.128.151 cause and error) X-PHP-List-Original-Sender: mails@thomasbley.de X-Host-Fingerprint: 85.13.128.151 dd1730.kasserver.com Received: from [85.13.128.151] ([85.13.128.151:57789] helo=dd1730.kasserver.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 71/D0-05797-E2CE4975 for ; Sun, 24 Jul 2016 12:26:23 -0400 Received: from dd1730.kasserver.com (dd0802.kasserver.com [85.13.143.1]) by dd1730.kasserver.com (Postfix) with ESMTPSA id 8ABAF1A83512; Sun, 24 Jul 2016 18:26:19 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-SenderIP: 95.91.246.158 User-Agent: ALL-INKL Webmail 2.11 In-Reply-To: <20160724162103.BC5741A83512@dd1730.kasserver.com> References: <8a39df34-4a23-c496-15f6-20a62d27fc59@gmail.com> <4920f683-9a4d-7153-b157-a7d7ce8cbfe7@gmail.com> <933449d0-90c2-0d7a-cb80-a171289d8286@texthtml.net> <20160724145557.D52C31A80BBD@dd1730.kasserver.com><6cfac572-9982-87f8-5a55-9213d978cde9@gmx.de><20160724162103.BC5741A83512@dd1730.kasserver.com> To: internals@lists.php.net, michael.vostrikov@gmail.com, cmbecker69@gmx.de Message-ID: <20160724162619.8ABAF1A83512@dd1730.kasserver.com> Date: Sun, 24 Jul 2016 18:26:19 +0200 (CEST) Subject: Re: [PHP-DEV] [RFC] New operator for context-dependent escaping From: mails@thomasbley.de ("Thomas Bley") > The big difference is: > With > >> >> instead of >> >> > > benefits are using static code analyzers, grep " Having function names with single characters is bad taste and only useful for > obfuscating. > Using multiple frameworks or libraries, it's not possible to redeclare > functions with the same name. > > The big difference is: > With > Regards > Thomas > > > Christoph Becker wrote on 24.07.2016 17:54: > >> On 24.07.2016 at 16:55, Thomas Bley wrote: >> >>> In total a good rfc everybody should be happy with. >> >> I'm not happy (to put it mildly) with the RFC as it's now. The RFC >> speaks of *operator*, where actually start-tags[1] are meant, to start >> with. Using the word operator is rather confusing in this context. >> >> Then the RFC states that the new operator is compiled into the following >> AST: >> >> | echo escape_handler_call(first_argument, second_argument); >> >> But what happens to additional code, e.g. >> >> >> >> >> Contrast that to the language specification which explains: >> >> | If > | statement-list started with echo statement. >> >> Simple, yet precise. >> >> Anyhow, even if this formal issues will be addressed, I still don't see >> the benefit of being able to write >> >> >> >> instead of >> >> >> >> The argument that h() might be forgotten is moot, because it's similarly >> easy to accidently write = instead of *, and both forms allow for >> equally well (semi-)automatic verification that all output is escaped. >> >> [1] >> >> >> -- >> Christoph M. Becker >> >> -- >> PHP Internals - PHP Runtime Development Mailing List >> To unsubscribe, visit: http://www.php.net/unsub.php >> > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php >