> This can be done with e.g. "<?* $str, 'raw' ?>".

Sometimes you also need to sanitize HTML, e.g.

<?* $str, 'sanitize' ?>

See http://htmlpurifier.org/

Regards
Thomas

Michael Vostrikov wrote on 30.07.2016 16:01:

>> This new tag will not simply replace <?= $var ?> because you still need
>> to output HTML sometimes.
> 
> This can be done with e.g. "<?* $str, 'raw' ?>".
> 
> 
>> What you've coined "context" is really just a pseudo function-call - it
>> does not automatically establish context
> 
> Yes. Because the language cannot know the task, it cannot know the exact set of
> escapers which are needed for a certain value. But it can provide tools to
> do this. Automatic context determination is not the aim of this RFC.
> 
> 
>> specifying the right "context" requires the exact same choice and
>> diligence as selecting the right function
> 
> Yes. The aim is to call the escaping function automatically and to make some
> context the default, so that the user does not have to take care of calling it
> everywhere manually.
> 
> 
>> it somewhat changes the problem, but doesn't actually solve the problem
> 
> Sorry, I don't know what problem you are talking about. The problem which
> this operator solves is described in the RFC.
> 


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
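
The idea discussed in this thread, a default HTML escaper plus named contexts such as 'raw' and 'sanitize', can be emulated in userland today. The sketch below is an added example, not code from the RFC or from either poster; the class name `OutputEscaper`, its methods, and the 'js' and 'url' contexts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical userland stand-in for the proposed escaping tag (not the RFC's API).
final class OutputEscaper
{
    /** @var array<string, callable> context name => escaper */
    private array $escapers;

    public function __construct()
    {
        $this->escapers = [
            // Default context: text in an HTML body or a quoted attribute value.
            'html' => fn(string $s): string =>
                htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8'),
            // String literal inside an inline script block; the HEX flags keep
            // angle brackets, ampersands and quotes out of the emitted literal.
            'js' => fn(string $s): string => json_encode(
                $s,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
            ),
            // Single URL component (path segment or query value).
            'url' => fn(string $s): string => rawurlencode($s),
            // Explicit opt-out: the caller asserts the value is already safe markup.
            'raw' => fn(string $s): string => $s,
        ];
    }

    public function register(string $context, callable $escaper): void
    {
        $this->escapers[$context] = $escaper;
    }

    public function escape(string $value, string $context = 'html'): string
    {
        // Fail closed: a mistyped context must not silently fall back to 'raw'.
        if (!isset($this->escapers[$context])) {
            throw new InvalidArgumentException("Unknown escaping context: $context");
        }
        return ($this->escapers[$context])($value);
    }
}

$e = new OutputEscaper();
// 'sanitize' as mentioned above, assuming HTML Purifier is loaded:
//   $e->register('sanitize', [new HTMLPurifier(HTMLPurifier_Config::createDefault()), 'purify']);
$input = '<b>Tom</b> & "Jerry"';              // constructed sample value
echo $e->escape($input), "\n";                // default context: html
echo $e->escape($input, 'js'), "\n";
echo $e->escape($input, 'url'), "\n";
echo $e->escape($input, 'raw'), "\n";
```

The caller still has to name the context that matches where the value lands; the helper only makes HTML escaping the default and rejects unknown context names.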
