> <?* $str ?> > > instead of > > <?=h($str)?>
benefits are using static code analyzers, grep "<?=" for code reviews, etc. Having function names with single characters is bad taste and only useful for obfuscating. Using multiple frameworks or libraries, it's not possible to redeclare functions with the same name. The big difference is: With <?*, you have to define an escaping function, with <?= it's optional. Regards Thomas Christoph Becker wrote on 24.07.2016 17:54: > On 24.07.2016 at 16:55, Thomas Bley wrote: > >> In total a good rfc everybody should be happy with. > > I'm not happy (to put it mildly) with the RFC as it's now. The RFC > speaks of *operator*, where actually start-tags[1] are meant, to start > with. Using the word operator is rather confusing in this context. > > Then the RFC states that the new operator is compiled into the following > AST: > > | echo escape_handler_call(first_argument, second_argument); > > But what happens to additional code, e.g. > > <?* $str, 'html', 42 ?> > <?* $str, 'html'; echo 42 ?> > > Contrast that to the language specification which explains: > > | If <?= is used as the start-tag, the Engine proceeds as if the > | statement-list started with echo statement. > > Simple, yet precise. > > Anyhow, even if this formal issues will be addressed, I still don't see > the benefit of being able to write > > <?* $str ?> > > instead of > > <?=h($str)?> > > The argument that h() might be forgotten is moot, because it's similarly > easy to accidently write = instead of *, and both forms allow for > equally well (semi-)automatic verification that all output is escaped. > > [1] > <https://github.com/php/php-langspec/blob/master/spec/04-basic-concepts.md#program-structure> > > -- > Christoph M. Becker > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
