Hi Thomas, On Sat, Jun 18, 2016 at 5:23 AM, Thomas Bley <ma...@thomasbley.de> wrote: > you can simply add the context to the current output operator: > <?=html $str ?> > <?=attr $str ?> > <?=text $str ?> (=strip_tags) > <?=js $str ?> > <?=css $str ?> We need <?=uri $str ?> in addition. If we adopt this, we must document clearly that LDAP, SQL, etc are not supported.
I like this idea a lot. Output context is clear and explicit. We may be better to consider "<?= $str" to be "<?php echo htmlspecialchars($str)" rather than "<?php echo $str", but this change would be for PHP 8. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
