Hi!

> Most of output code is an output of properties of database entities, and
> only in some cases it's needed to concatenate HTML into string and then
> print it with unescaped output. Escaped output operator can be useful. Also
> we output data not into the void and not into simple text file, but into
> HTML-document which has a certain format (markup). Also this is logical -
> to have both forms, escaped and unescaped.

This has been discussed on the list a number of times. Main issue with this kind of proposal is that escaping is context-dependent. E.g. htmlspecialchars() would not help you in many scenarios - e.g. it won't protect you from XSS if you ever place user-controlled data in HTML attributes. Having operator for each of the possible contexts does not really look feasible, and having it for only one of them and not the others would be misleading people into thinking this operator is generic and can be used in all contexts safely.

--
Stas Malyshev
smalys...@gmail.com

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
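
The context dependence described in the reply above, as an added example that is not part of the original message or of PHP itself: the same htmlspecialchars() call is adequate in HTML text but not in an unquoted attribute or a URL attribute, so each context gets its own escaper. The helper names (esc_html, esc_url_attr, esc_js) and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; helper names are hypothetical, not PHP built-ins.

// HTML text and *quoted* attribute values: escape markup characters and both quote styles.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL-valued attributes (href, src): entity encoding cannot neutralise a URL
// scheme, so allowlist the scheme first, then escape for the attribute.
// Fails closed: relative or unparsable URLs are replaced with "#".
function esc_url_attr(string $url): string {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return esc_html($url);
}

// Inline <script> context: emit a JSON string literal with <, >, &, ' and "
// hex-escaped so the value cannot close the script element or the string.
function esc_js(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Constructed sample inputs standing in for user-controlled data.
$name = 'x onmouseover=alert(1)';
$link = 'javascript:alert(1)';
$note = '</script><b>';

// HTML text: htmlspecialchars() is sufficient here.
echo '<p>', esc_html($name), "</p>\n";

// Unquoted attribute: $name contains no character htmlspecialchars() touches,
// so the space ends the value and the rest parses as a second attribute.
echo '<input value=', htmlspecialchars($name), ">\n";    // weak
echo '<input value="', esc_html($name), "\">\n";         // quoted + escaped

// URL attribute: escaping leaves the scheme intact; the allowlist rejects it.
echo '<a href="', htmlspecialchars($link), "\">x</a>\n"; // weak
echo '<a href="', esc_url_attr($link), "\">x</a>\n";     // href="#"

// Script context needs a JavaScript-aware encoder, not an HTML one.
echo '<script>var note = ', esc_js($note), ";</script>\n";
```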