On 24.07.2016 at 16:55, Thomas Bley wrote: > In total a good rfc everybody should be happy with.
I'm not happy (to put it mildly) with the RFC as it's now. The RFC speaks of *operator*, where actually start-tags[1] are meant, to start with. Using the word operator is rather confusing in this context. Then the RFC states that the new operator is compiled into the following AST: | echo escape_handler_call(first_argument, second_argument); But what happens to additional code, e.g. <?* $str, 'html', 42 ?> <?* $str, 'html'; echo 42 ?> Contrast that to the language specification which explains: | If <?= is used as the start-tag, the Engine proceeds as if the | statement-list started with echo statement. Simple, yet precise. Anyhow, even if this formal issues will be addressed, I still don't see the benefit of being able to write <?* $str ?> instead of <?=h($str)?> The argument that h() might be forgotten is moot, because it's similarly easy to accidently write = instead of *, and both forms allow for equally well (semi-)automatic verification that all output is escaped. [1] <https://github.com/php/php-langspec/blob/master/spec/04-basic-concepts.md#program-structure> -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
