Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94757
Return-Path: <ocramius@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 7632 invoked from network); 30 Jul 2016 17:40:13 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 30 Jul 2016 17:40:13 -0000
Authentication-Results: pb1.pair.com smtp.mail=ocramius@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ocramius@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.47 as permitted sender)
X-PHP-List-Original-Sender: ocramius@gmail.com
X-Host-Fingerprint: 74.125.82.47 mail-wm0-f47.google.com  
Received: from [74.125.82.47] ([74.125.82.47:36413] helo=mail-wm0-f47.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A0/F2-22978-B76EC975 for <internals@lists.php.net>; Sat, 30 Jul 2016 13:40:12 -0400
Received: by mail-wm0-f47.google.com with SMTP id q128so323774577wma.1
        for <internals@lists.php.net>; Sat, 30 Jul 2016 10:40:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=lpIJAJWeZv5ojm6quH5rDR447wTl/r9uxsFqgVugiHE=;
        b=mXRp/2aI+3NJe8kGxJILpw1dVbwzOe48KQ0+WgwwHR9AEijOZopiaWQM/RK0/IzSgr
         UnbqWj7Qbcmfh1ilbX0MeJaV0IwrCSxAyloMwn2N7mZVVQPQ1twebfyufJf06q5YpuPh
         NWxDkRBf4mmosZv2Ac7UXyQfzq2fzbrPhEJpUhpPjsIrQ2sAIH2kgRQQPUkx88SQF9l5
         xhm46/p/3IxYeQx3FCsN+e+ejFB0j9IzFpkVJnt//ISsf21/RY0QYhH+V7taXCBzzS9J
         L8zZjdF/inbEeWVKazTf1LXxsubNFnKmIbWFHrrdGdBTpaqgibSFGcGLwiev2F9upzdi
         C/Sw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=lpIJAJWeZv5ojm6quH5rDR447wTl/r9uxsFqgVugiHE=;
        b=jCLxvXokmeJU3FjNqpbjBeoknhgCIvzsQwSOyJxtKmPx6ah6Ep1hODlOUO14peHwg4
         quXt2IBM3VBfpX8ry7gP7hvkL+6VAtJo1M+Kdo13qW7hUZcH1Bqb0BfsCnUG9IZDfVkV
         o1rw7vojqQHTVQNWqDNNL7o2xGqTbNGfeou8G4X8+Vfd+TnMhg6Ih+eQUXPxYeCTGTcs
         On4IEvGrSKaIqRLptj+ickczDvMQcPwYPVxWScD1Fkh1xgALEQZPbtRk9+EfIAbRYW7r
         E4LOetwHzVO//vP6PfLhH4moNz0pmMLKeKkE8ihqab7tOSXq2byao+1N09D/LmJhC8Tt
         kMgA==
X-Gm-Message-State: AEkoouu5fLC2fI1Jo3psrvWanGgXJx85FE9LZ0wFas6ZFCB3G5+yn3ffef7Z7bU/Xb15KGE/pLap3yAvOMxWfQ==
X-Received: by 10.28.61.11 with SMTP id k11mr50222445wma.34.1469900408956;
 Sat, 30 Jul 2016 10:40:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.125.242 with HTTP; Sat, 30 Jul 2016 10:39:48 -0700 (PDT)
In-Reply-To: <CAEDdnaWJbWoF6YkioafOTXtAXOK3dk3-bTO75q6Jtg6NpB-gRA@mail.gmail.com>
References: <CAEDdnaWVYbh=t1-bvDh9fixCoC7Be4asoEus=dRhGggx_9VLNg@mail.gmail.com>
 <933449d0-90c2-0d7a-cb80-a171289d8286@texthtml.net> <CAGovj_PiUjJmAncZjrtTiJmBTmuwA1MgfpjwpkKWdp_NHPekpw@mail.gmail.com>
 <CAEDdnaWEwNH-+kOxPk2GDqRod90kOqbT1yGHkOMqx5L9AXRaLA@mail.gmail.com>
 <CAEDdnaVrAvMHzj=bxhp9fOEFRgJ3rY9Tn9XP0oPfYZ0EU-RrjA@mail.gmail.com>
 <20160724145557.D52C31A80BBD@dd1730.kasserver.com> <6cfac572-9982-87f8-5a55-9213d978cde9@gmx.de>
 <20160724162103.BC5741A83512@dd1730.kasserver.com> <efdfdd99-77d9-f722-7000-13b4528dd77c@gmx.de>
 <20160724172131.675AC1A800B0@dd1730.kasserver.com> <9bc0db6a-fa19-5f87-0e82-3702dcb34254@gmx.de>
 <CAEDdnaWm-fUoBRdrce=DF8By6ybkTe_ca_niV2xdQp4yecU6Rw@mail.gmail.com>
 <CAEDdnaVx2Rx0pe+ZCzP=rpWW8OiQ73opmRhLCho_MwV1NRAiaw@mail.gmail.com>
 <20160727224510.7B80C1A80358@dd1730.kasserver.com> <20160728093917.5DCC51A82392@dd1730.kasserver.com>
 <a3299edc-3754-c8ba-0ff8-6cdf214c12ed@gmail.com> <CADqTB_jb9zTOiM7khjMVKRi9bV4AJ5E+tQTWvNEbW5RYVDmD2A@mail.gmail.com>
 <CAEDdnaWJbWoF6YkioafOTXtAXOK3dk3-bTO75q6Jtg6NpB-gRA@mail.gmail.com>
Date: Sat, 30 Jul 2016 19:39:48 +0200
Message-ID: <CADyq6sK8wgF0u9WSr_6NNe2yg__UrNCzWv3Thki5NPnD_f9WCQ@mail.gmail.com>
To: Michael Vostrikov <michael.vostrikov@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a114b703abb2f0b0538dddb18
Subject: Re: [PHP-DEV] [RFC] New operator for context-dependent escaping
From: ocramius@gmail.com (Marco Pivetta)

--001a114b703abb2f0b0538dddb18
Content-Type: text/plain; charset=UTF-8

On Sat, Jul 30, 2016 at 8:06 AM, Michael Vostrikov <
michael.vostrikov@gmail.com> wrote:

> No! You don't understand what I'm trying to explain.


We understand, that's why we're discussing so much against it.


> This feature will be
> useful for ALL applications without template engine - frameworks, CMS,
> custom core.


Not really. What you propose is `Foo::escape()` (static), as a language
construct.
This is a problem, as it makes the escaping statically bound to a
configured endpoint, and that endpoint may even change (what the heck?!)
Templating engines can instead switch the escaping per-template-file, which
is much more powerful, as the assumption of context may change.

This is the same as calling constructor manually after every 'new'
> statement: (new User)->__construct(...), (new Profile)->__construct(...).
>

If any templating engine does that, I'd suggest opening an issue on their
issue tracker to make their implementation non-static instead.

Anyway, I saw that voting is open, and already voted "No" on it for the
reasons mentioned above, and because I don't believe in adding more custom
AST for something that is already working very well in userland via
functions.

Users that don't escape their output usually do so because they lived under
a rock, and they'll continue to do so regardless.
Users that know how and when to escape are already using appropriate
functions for that.

The proposed solution is a solution, but not for this problem, in my
opinion.

Greets,

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

--001a114b703abb2f0b0538dddb18--