Walter, yes I read, did you read? Niklas wrote:

>  The escaping should also be aware of the content encoding.

I wrote: no we have a php.ini setting

The context problem is already answered in the mail from Stas.

Regards
Thomas

Walter Parker wrote on 18.06.2016 00:20:

> Thomas, are you actually reading and understanding what the others are
> saying?
> 
> You seem to be answering questions that have not been asked or giving the
> simple, easy and wrong answer.
> 
> 
> Walter
> 
> On Fri, Jun 17, 2016 at 1:37 PM, Thomas Bley <ma...@thomasbley.de> wrote:
> 
>> using the default encoding from php.ini's default_charset should be no
>> problem, htmlspecialchars() already does it if the encoding parameter is
>> not provided.
>>
>> Regards
>> Thomas
>>
>> Niklas Keller wrote on 17.06.2016 22:31:
>>
>> > Hi,
>> >
>> > the issue is that things have to be escaped dependent on the context. If
>> > you are in a HTML context you need different escaping than you need in a
>> > CSS or JS block. The escaping should also be aware of the content encoding.
>> > All that makes it difficult for PHP to directly support such an operator.
>> >
>> > You can always alias "e" or something like that to be your default escape
>> > function.
>> >
>> > Regards, Niklas
>> >
>> > Михаил Востриков <michael.vostri...@gmail.com> wrote on Fri, 17 June 2016, 21:29:
>> >
>> >> Hello. I was thinking about a presence of escaped output operator in PHP
>> >> and found this feature request: https://bugs.php.net/bug.php?id=62574. I
>> >> think this is quite necessary feature. There are a lot of projects which are
>> >> written without templating engine, and there are frameworks without
>> >> built-in templating engine by default. All these projects require to write
>> >> the code. Usually it is rather simple to switch to new version of language,
>> >> but it is almost impossible to switch many and many templates on a
>> >> templating engine.
>> >>
>> >> Most of output code is an output of properties of database entities, and
>> >> only in some cases it's needed to concatenate HTML into string and then
>> >> print it with unescaped output. Escaped output operator can be useful. Also
>> >> we output data not into the void and not into simple text file, but into
>> >> HTML-document which has a certain format (markup). Also this is logical -
>> >> to have both forms, escaped and unescaped.
>> >>
>> >> I want to suggest the operator "<?~ $str ?>", which will automatically wrap
>> >> output in htmlspecialchars(). It is mentioned in the feature request above.
>> >> It is quite easy to type, and there is a small possibility to write "<?=
>> >> ?>" instead.
>> >>
>> >> In PHP 7 there are new operators and other changes. I think, new echo
>> >> operator also can be added. I can implement it myself.
>> >>
>> >
>>
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> 
> 
> -- 
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
> 


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
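
The two points debated in this thread, escaping per output context and the charset passed to htmlspecialchars(), shown as an added example that is not part of the original messages. The helper names `e_html`, `e_js` and `e_url` and both sample strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not a PHP API): one escaper per output context.
function e_html(string $s, string $charset = 'UTF-8'): string
{
    // HTML text and quoted attribute values. ENT_SUBSTITUTE replaces invalid
    // byte sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

function e_js(string $s): string
{
    // Value inside a <script> block: emit a JS string literal. The HEX flags
    // keep <, >, &, ' and " out of the output, so "</script>" cannot appear.
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

function e_url(string $s): string
{
    // One URL path segment or query value (RFC 3986 percent-encoding).
    return rawurlencode($s);
}

// Constructed sample value: quotes, markup, ampersand, backslash, newline.
$name = "O'Reilly </script> & \"co\"\\\n";

echo "HTML context: <p>", e_html($name), "</p>\n";
echo "JS context:   var n = ", e_js($name), ";\n";
echo "URL context:  /user/", e_url($name), "\n";

// Same value pushed through the HTML escaper into a JS string literal:
// backslash and newline pass through unchanged, and the entities are not
// decoded inside <script>, so the literal is broken and the data altered.
echo "HTML escaper in JS: var n = '", e_html($name), "';\n";

// Encoding awareness: identical bytes, different declared charsets.
$latin1 = "caf\xE9"; // constructed: "café" encoded as ISO-8859-1

// Without ENT_SUBSTITUTE, bytes that are invalid in the declared charset
// make htmlspecialchars() return an empty string rather than escaped text.
var_dump(htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'));
var_dump(htmlspecialchars($latin1, ENT_QUOTES, 'ISO-8859-1') === $latin1);
var_dump(e_html($latin1) === "caf\u{FFFD}");
```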
