Hello,
I created a small ticket to propose a shorter syntax for htmlspecialchars:
old:
<?= htmlspecialchars($str, ENT_QUOTES) ?>
new:
<?+ $str ?>
or:
<?~ $str ?>
any comments, pros and cons?
https://bugs.php.net/bug.php?id=62574
Best regards,
Thomas
The problem here is that htmlspecialchars only covers HTML body, and not
HTML attributes, or other contexts (e.g. JS, CSS, URLs).
You're better off using something like Zend\Escaper, or Symfony's escaper.
The escaper RFC also gives a good amount of detail:
https://wiki.php.net/rfc/escaper
As for the shorter syntax with automatic output, I think it makes the
code harder to read.
Cheers,
David
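The context-dependence raised in the reply above, as an added example that is not part of the thread and not code from any of the libraries mentioned: the same two values are written into an HTML body, a URL attribute, a query-string parameter and a script block, each through a different escaper. The helper names (esc_html, esc_js, esc_url_param, safe_href) and the sample values are constructed for illustration; PHP 7.3 or later is assumed.

```php
<?php
// Added example: hypothetical per-context helpers built on PHP built-ins.

// HTML body text and quoted attribute values.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string literal inside a <script> block. The JSON_HEX_* flags
// emit <, >, &, ' and " as \uXXXX so the value cannot close the block.
function esc_js(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// A single query-string component.
function esc_url_param(string $s): string {
    return rawurlencode($s);
}

// A whole URL in href/src: HTML escaping does not look at the scheme,
// so the scheme is checked against an allow-list first.
function safe_href(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? esc_html($url) : '#';
}

// Constructed sample values standing in for untrusted input.
$name = "O'Reilly <b> & \"co\"";
$url  = 'javascript:alert(1)';

// htmlspecialchars() returns $url unchanged (it contains none of & < > " '),
// which is why the URL context needs safe_href() instead.
var_dump(esc_html($url) === $url);
?>
<p><?= esc_html($name) ?></p>
<a href="<?= safe_href($url) ?>">profile</a>
<a href="/search?q=<?= esc_url_param($name) ?>">search</a>
<script>var name = <?= esc_js($name) ?>;</script>
```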
Hi!
> Hello,
> I created a small ticket to propose a shorter syntax for htmlspecialchars:
> old:
> <?= htmlspecialchars($str, ENT_QUOTES) ?>
Don't think operator can make sense here, since you can have different
options, etc. depending on context. But you could do this if the above
is too long for you:
function _h($str) {
    return htmlspecialchars($str, ENT_QUOTES);
}
...
<?= _h($str); ?>
Not much longer than operator, much clearer and does not require
language syntax to be linked to some specific options in some specific
function.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227