2016-07-18 16:03 GMT-04:00 Rasmus Schultz <ras...@mindplay.dk>: > > Registry of functions - is exactly how escaping is performed in Symfony > and Twig. > > For one, that does not mean it's a good idea. > > For another, the registry in Symfony (at least, I don't know about Twig) is > inside an instance - it's not global state. > > Do you get my point that a reference to a closure is state? And if it's > global state, that's extremely bad - the entire PHP community is fighting > like hell to avoid that, with PSR-7 and layers of abstraction on top of, > well, everything, in order to make code testable. > > Catering to different skill levels is no excuse. > > Just a small rant on the global state discussion.
Even though the API for *_exception_handler() and *_exception_handler() manage global state, this is not the biggest of the issues if we are talking about language level hooks. If there is something that should be allowed to manage global state by design is the programming language you're working on (when you declare a function foo(){}, you're creating state somewhere). The point is that it should be possible to manage the global state with as much isolation as possible. So code like the following should be possible: class MyTemplatingEngineRender { function render(Template $template, array $data) { $old_handlers = set_escape_handlers(['html' => $this->htmlEscaper, 'xml' => $this->xmlEscaper, 'js' => $this->jsEscaper]); // logic to render the templates and get the output set_escape_handlers($old_handlers); // OR restore_escape_handlers(); // return the rendered template ready for response } } Not defending that we should add global state as a first option for every issue, but sometimes it's just not avoidable. For this RFC in specific, it seems doable. > HTML escaping is, yes, a very pragmatic task - it's also solved already, > with htmlspecialchars() ... the main problem you appear to be solving, is > that htmlspecialchars() is too long and ugly and inconvenient, which, okay, > it is - but adding a global registry for that is overkill, and the whole > problem would go away if you could simply autoload functions: > > <h1><?= html($title) ?></h1> > > Agree with that, making functions easier to use seems more appealing to me. Cheers, Márcio.