2016-07-18 16:03 GMT-04:00 Rasmus Schultz <ras...@mindplay.dk>:

> > Registry of functions - is exactly how escaping is performed in Symfony
> and Twig.
>
> For one, that does not mean it's a good idea.
>
> For another, the registry in Symfony (at least, I don't know about Twig) is
> inside an instance - it's not global state.
>
> Do you get my point that a reference to a closure is state? And if it's
> global state, that's extremely bad - the entire PHP community is fighting
> like hell to avoid that, with PSR-7 and layers of abstraction on top of,
> well, everything, in order to make code testable.
>
> Catering to different skill levels is no excuse.
>
>
Just a small rant on the global state discussion.

Even though the API for *_exception_handler() and *_exception_handler()
manages global state, this is not the biggest of the issues if we are
talking about language level hooks. If there is something that should be
allowed to manage global state by design, it is the programming language you're
working on (when you declare a function foo(){}, you're creating state
somewhere). The point is that it should be possible to manage the global
state with as much isolation as possible. So code like the following should
be possible:

class MyTemplatingEngineRender {
    function render(Template $template, array $data) {
        $old_handlers = set_escape_handlers([
            'html' => $this->htmlEscaper,
            'xml' => $this->xmlEscaper,
            'js' => $this->jsEscaper,
        ]);
        // logic to render the templates and get the output
        set_escape_handlers($old_handlers);
        // OR
        restore_escape_handlers();
        // return the rendered template ready for response
    }
}

Not defending that we should add global state as a first option for every
issue, but sometimes it's just not avoidable. For this RFC specifically, it
seems doable.


> HTML escaping is, yes, a very pragmatic task - it's also solved already,
> with htmlspecialchars() ... the main problem you appear to be solving, is
> that htmlspecialchars() is too long and ugly and inconvenient, which, okay,
> it is - but adding a global registry for that is overkill, and the whole
> problem would go away if you could simply autoload functions:
>
>     <h1><?= html($title) ?></h1>
>
>
Agree with that, making functions easier to use seems more appealing to me.

Cheers,
Márcio.
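
An added example, not code from this thread: a userland stand-in for the save/restore pattern sketched above, with the restore placed in a finally block so that an exception during rendering cannot leave one component's escapers installed for whatever renders next. EscapeRegistry and render_isolated are hypothetical names; set_escape_handlers() is only the API proposed in this discussion and is not a PHP built-in.

```php
<?php
declare(strict_types=1);

// Userland stand-in for the proposed set_escape_handlers(); hypothetical, not a PHP built-in.
final class EscapeRegistry
{
    /** @var array<string, callable> context name => escaper */
    private static array $handlers = [];

    /** Install a new handler map and return the previous one. */
    public static function set(array $handlers): array
    {
        $old = self::$handlers;
        self::$handlers = $handlers;
        return $old;
    }

    public static function escape(string $context, string $value): string
    {
        if (!isset(self::$handlers[$context])) {
            // Fail closed: never emit unescaped output for an unknown context.
            throw new RuntimeException("no escaper registered for '$context'");
        }
        return (self::$handlers[$context])($value);
    }
}

/** Run $render with $handlers installed; always restore the caller's handlers. */
function render_isolated(array $handlers, callable $render): string
{
    $old = EscapeRegistry::set($handlers);
    try {
        return $render();
    } finally {
        EscapeRegistry::set($old); // runs on normal return and on exception
    }
}

$html = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
EscapeRegistry::set(['html' => $html]); // the application's own escaper

try {
    render_isolated(['html' => 'strtoupper'], function (): string {
        throw new LogicException('template failed mid-render'); // constructed failure
    });
} catch (LogicException $e) {
    // Swallowed for the demo; the point is what the registry holds afterwards.
}
echo EscapeRegistry::escape('html', '<b>"x"</b>'), "\n"; // uses the restored escaper
```

Without the finally block, the non-escaping 'strtoupper' handler would still be registered after the failed render and the last line would emit raw markup.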
