2016-07-16 11:33 GMT-04:00 Michael Vostrikov <michael.vostri...@gmail.com>: > > Hello. > I have created RFC about context-dependent escaping operator. > https://wiki.php.net/rfc/escaping_operator > > Initial discussion was here: http://marc.info/?t=146619199100001
Hi, A few possible RFC improvements: 1. Is there any specific reason why we're using a class instead of functions to register a callable the same way it's done for exception handling or error handling? Hacking non FQN resolutions to inject another escaper implementation as in "<?php use MyEscaper as PHPEscaper; ?>" was a creative idea but it seems inconsistent with the preferable "PHP way" to handle these edge cases. 2 . Is there any rationale why we're using strings separated by '|' to pass context instead of an array? Ex.: <?* $str, ['js', 'html'] ?> 3. I think the default implementation should throw a more specific exception in case of unknown context (\PHP\EscapeException?) - currently it's throwing \Exception. The reason for that is because log level and handling may be more severe in case of failing escaping. Userland implementations should be encouraged to throw the same specific exception too (documentation could enforce that). 4. This line on your patch is unnecessary: https://github.com/michael-vostrikov/php-src/commit/571cd7c88488a08c82b10f0c3af559881f1a2951#diff-7eff82c2c5b45db512a9dc49fb990bb8R274 In general this RFC looks better than the expected considering the previous discussions. Please, keep improving :) Best, Márcio.
