> Wouldn't this __auto_escape setting effectively break libraries that depend > on it being on or off?
The settings was meant to be turned on *only* during template rendering. So, yes, if outside code is run during your template rendering that also uses templating, but is unaware of auto escaping, things will be double-escaped. In our project, we've never run into this problem. Most php libraries we use aren't in the business of producing strings with php templates. And if they are, we haven't called them during template rendering. > > People often write code to generate HTML like this: > > ob_start(); > ?> > > <div>some HTML <?= escape_html($other_text) ?></div> > > <div>more HTML <?= $other_html ?></div> > > <!-- etc --> > > <?php > $html = ob_get_clean(); > > > If that code is in a library, it can't be used with this setting enabled. > That could become a real pain point for the whole PHP ecosystem. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
