Thomas, are you actually reading and understanding what the others are saying?
You seem to be answering questions that have not been asked or giving the simple, easy and wrong answer. Walter On Fri, Jun 17, 2016 at 1:37 PM, Thomas Bley <ma...@thomasbley.de> wrote: > using the default encoding from php.ini's default_charset should be no > problem, htmlspecialchars() already does it if the encoding parameter is > not provided. > > Regards > Thomas > > Niklas Keller wrote on 17.06.2016 22:31: > > > Hi, > > > > the issue is that things have to be escaped dependent on the context. If > > you are in a HTML context you need different escaping than you need in a > > CSS or JS block. The escaping should also be aware of the content > encoding. > > All that makes it difficult for PHP to directly support such an operator. > > > > You can always alias "e" or something like that to be your default escape > > function. > > > > Regards, Niklas > > > > Михаил Востриков <michael.vostri...@gmail.com> schrieb am Fr., > > 17. Juni > > 2016, 21:29: > > > >> Hello. I was thinking about a presence of escaped output operator in PHP > >> and found this feature request: https://bugs.php.net/bug.php?id=62574. > I > >> think this is quite necessary feature. There are a lot of projects > which is > >> written without templating engine, and there are frameworks without > >> built-in templating engine by default. All this projects require to > write > >> the code. Usually it is rather simple to switch to new version of > language, > >> but it is almost impossible to switch many and many templates on a > >> templating engine. > >> > >> Most of output code is an output of properties of database entities, and > >> only in some cases it's needed to concatenate HTML into string and then > >> print it with unescaped output. Escaped output operator can be useful. > Also > >> we output data not into the void and not into simple text file, but into > >> HTML-document which has a certain format (markup). Also this is logical > - > >> to have both forms, escaped and unescaped. > >> > >> I want to suggest the operator "<?~ $str ?>", which will automatically > wrap > >> output in htmlspecialchars(). It is mentioned in the feature request > above. > >> It is quite easy to type, and there is a small possibility to write "<?= > >> ?>" instead. > >> > >> In PHP 7 there are new operators and other changes. I think, new echo > >> operator also can be added. I can implement it myself. > >> > > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
