> > 1. Is there any specific reason why we're using a class instead of > functions to register a callable the same way it's done for exception > handling or error handling? Hacking non FQN resolutions to inject another > escaper ... >
I would not call it 'hacking') This is exaclty the same as if we write 'PHPEscaper::escape()' manually in PHP context. I didn't want to add many related items to a global namespace, and with class it is possible to use autoloading. 2. Is there any rationale why we're using strings separated by '|' to pass > context instead of an array? Ex.: > <?* $str, ['js', 'html'] ?> > Yes, I thought about array. It can be added on a par with string. Strings just looks more similar to escaping in template engines. 3. I think the default implementation should throw a more specific > exception in case of unknown context (\PHP\EscapeException?) > 4. This line on your patch is unnecessary > You are right, thanks. This commit is a concept, if RFC will be accepted, I will prepare a patch with more correct code.
