On 19 June 2016 at 09:53, Niklas Keller <m...@kelunik.com> wrote:

> Rasmus Schultz <ras...@mindplay.dk> wrote on Sat, 18 June 2016, 17:44:
>
> Did you know that you can alias namespaces, too?
>
> <?php use My\Stuff\Escape as esc; ?>
> <?=esc\html($str)?>
>
> You can always add more functions to a namespace even spread across
> multiple files.
>

Pro-userland: quick reminder that a `composer update` is much quicker than a full system PHP version upgrade. I'd rather rely on an escaping package written in PHP, easier to maintain and quicker to upgrade, than something that will likely use some obscure shared library (or the PHP binary itself) that may not be upgraded for weird reasons (it's shared, remember?).

I know that you put a lot of effort into security maintenance, but it's still easier to deal with this stuff in userland in any case, and most templating languages in common frameworks already inject helpers in the script context in order to achieve quick, effective and context-aware (no automatic context detection) escaping.

Marco Pivetta
http://twitter.com/Ocramius
http://ocramius.github.com/
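
The userland approach discussed in this thread, as an added example that is not part of either message: explicit, per-context escaping helpers in an aliased namespace, with the template author choosing the context at each output point. The namespace name `My\Stuff\Escape` and `esc\html()` come from the quoted message; the function bodies, `js()`, `url()` and the sample values are assumptions.

```php
<?php
// Added example: hypothetical userland helpers. Function bodies are assumed,
// only the namespace name and html() appear in the thread.
// Requires PHP 7.3+ (JSON_THROW_ON_ERROR).
namespace My\Stuff\Escape {
    // HTML element content and quoted attribute values.
    function html(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }

    // A value placed inside an inline <script> block: emit JSON and hex-escape
    // <, >, &, ' and " so the value cannot close the script element.
    function js($value): string
    {
        return json_encode(
            $value,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
        );
    }

    // A single URL path or query component.
    function url(string $s): string
    {
        return rawurlencode($s);
    }
}

namespace {
    use My\Stuff\Escape as esc;

    // Constructed sample input.
    $name  = '<b>"Bob" & co</b></script>';
    $query = 'a b&c=d';
?>
<p>Hello, <?= esc\html($name) ?></p>
<a href="/search?q=<?= esc\url($query) ?>">search</a>
<script>var name = <?= esc\js($name) ?>;</script>
<?php
}
```

Each helper is correct only for the context named in its comment; using `esc\html()` inside the `<script>` block, for example, would not produce a valid JavaScript string.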