Rasmus > Do you get my point that a reference to a closure is state? And if it's global state, that's extremely bad - the entire PHP community is fighting like hell to avoid that, with PSR-7 and layers of abstraction on top of, well, everything, in order to make code testable. What is the difference with autoload stask? This is global state too.
> the main problem you appear to be solving, is that htmlspecialchars() is too long and ugly and inconvenient, Sorry, this IS NOT main problem. I repeated this many times, in discussion and in RFC. > the registry in Symfony (at least, I don't know about Twig) is inside an instance - it's not global state. You can use your own implementation of PHP escaper, without a registry. > so the caller knows precisely what the result it, because only the caller can know the context and intent. The caller can use its own implementation. PHPEscaper is just default implementation for those who don't want to care about it. Dan > But then there is no way to restore the previous handler. Why? You can get a callable value from getHandlers() and store it into variable. Escaping does not require a stack like SPL autoload. We don't need to encode an apostrophe as '#039' and as 'apos' in different parts of template. If we need to preapre e.g. some XML template, we can 'use MyXMLEscaper as PHPEscaper' and implement there any encoding we need. > Stuff that is added to the core needs to cover all use-cases, not just the typical ones. What is such use case, could you give some example? And yes, it is possible to write own implementation, with stack. > Then please copy the set_error_handler behaviour set_error_handler is invented for, hm, error handling. As I think. the use case for escaping handlers is "if there is no handler for 'js', define this handler". So, with a behavior like set_error_handler(), registerHandler() will just overwrite existing handler, and we will have to check existsing handlers before a call of registerHandler(), instead of just to check returned result. Ok, I will change this behavior. Rasmus and Marcio >> adding a global registry for that is overkill, and the whole >> problem would go away if you could simply autoload functions: >> <h1><?= html($title) ?></h1> > Agree with that, making functions easier to use seems more appealing to me. Why do you talking about autoloading? We can now define a global function h() which will call any function we want. For escaping this is not a problem, unlike a big set of functions from some namespace (e.g. like specific math functions). So, function autoloading is another problem. Advice about global function which was written in 2002 here https://bugs.php.net/bug.php?id=16007. But the problem with HTML escaping is still present.
