On 16/01/13 08:22, Thomas Bley wrote:
> Hello,
> I created a small ticket to propose a shorter syntax for htmlspecialchars:
> old:
> <?= htmlspecialchars($str, ENT_QUOTES) ?>
> new:
> <?+ $str ?>
> or:
> <?~ $str ?>
> any comments, pros and cons?
> https://bugs.php.net/bug.php?id=62574
> Best regards,
> Thomas

The problem here is that htmlspecialchars only covers HTML body, and not
HTML attributes, or other contexts (e.g. JS, CSS, URLs).
You're better off using something like Zend\Escaper, or Symfony's escaper.
The escaper RFC also gives a good amount of detail:
https://wiki.php.net/rfc/escaper
As for the shorter syntax with automatic output, I think it makes the
code harder to read.
Cheers,
David
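
The context distinction raised in the reply above, as an added example that is not part of the original thread and is not code from Zend\Escaper or Symfony: each constructed sample passes through `htmlspecialchars()` without becoming safe for its context, while a context-specific encoder neutralises it. The helper name `escape_for()` and the sample values are hypothetical; the `attr` branch assumes the mbstring extension.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode $value for exactly one output context.
function escape_for(string $context, string $value): string
{
    switch ($context) {
        case 'html': // text between tags
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        case 'attr': // attribute value; holds even if the template omits the quotes
            // Encode everything except a small safe set as a hex entity.
            // Invalid UTF-8 makes preg return null, which fails closed to ''.
            return (string) preg_replace_callback(
                '/[^a-zA-Z0-9,._-]/u',
                static fn (array $m): string => sprintf('&#x%X;', mb_ord($m[0], 'UTF-8')),
                $value
            );
        case 'js':   // complete, quoted string literal for use inside <script>
            return json_encode(
                $value,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
            );
        case 'url':  // a single query-string value
            return rawurlencode($value);
        default:
            throw new InvalidArgumentException("unknown context: $context");
    }
}

// Constructed samples, one per context that htmlspecialchars() does not cover.
$samples = [
    // Unquoted attribute: the space starts a second attribute.
    'attr' => 'btn class=hidden',
    // JS string: the trailing backslash escapes the closing quote of the literal.
    'js'   => 'C:\temp\\',
    // URL: "&" becomes "&amp;", which the browser decodes back to "&",
    // so the value splits into a second query parameter.
    'url'  => 'red&size=xl',
];

foreach ($samples as $context => $value) {
    printf("%-4s htmlspecialchars: %s\n", $context, htmlspecialchars($value, ENT_QUOTES));
    printf("%-4s context-aware:    %s\n\n", $context, escape_for($context, $value));
}
```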