I don't think there should be a PSR to dictate how and if output is
escaped. It also shouldn't dictate specific tests. If you are not sure
about the security of a template engine output escape function there are
better ways like a security audit and sending a PR with fixes or tests.
An
Hey Woody,
I'm pretty sure there are a lot of things that need to be discussed if we go
the template way.
The render method could be:
public function render(array|object $parameters) : string;
In that case, it would be up to the implementers to adapt to the passed
parameter. This is mostly
What if my templates use objects?
On Thu, Oct 6, 2016, 04:34 David Négrier wrote:
> Hey,
>
> I would simply like to give a huge +1 to Larry's answer because he did
> nail the problem perfectly.
>
> Escaping is done in the template, therefore is used by template engine
>
Hey,
I would simply like to give a huge +1 to Larry's answer because he did nail
the problem perfectly.
Escaping is done in the template, therefore is used by template engine
authors. There are not a hundred different ways to do escaping and an
escaping PSR would really dictate an
Hi,
On 06/10/2016 09:53, Alessandro Lai wrote:
> Maybe the aim of this PSR should be a test suite (or at least a data
> provider of common and edge cases for tests) instead of an interface: if
> your escaper passes all the tests, it's PSR-x compliant.
>
> This could be a really good standard,
On 10/5/16 12:17, Larry Garfield wrote:
On 10/05/2016 05:05 PM, Korvin Szanto wrote:
On Tue, Oct 4, 2016 at 4:18 PM Sara Golemon wrote:
On Tuesday, October 4, 2016 at 9:40:03 AM UTC-7, Korvin Szanto wrote:
Are you thinking like a text
On 10/05/2016 05:05 PM, Korvin Szanto wrote:
On Tue, Oct 4, 2016 at 4:18 PM Sara Golemon wrote:
On Tuesday, October 4, 2016 at 9:40:03 AM UTC-7, Korvin Szanto wrote:
Are you thinking like a text filter PSR or more of an output
Hi,
My thinking was an output escaping spec. It is a lot more nuanced than you
may initially think, as there is context to consider, e.g. you need to escape
differently inside an HTML attribute than you do for straight onto the page,
similarly for a JS context or CSS context.
An interface containing
I think it's a good idea. Following..
Hi Chris,
Are you thinking like a text filter PSR or more of an output management
PSR? It sounds like a single interface with a single method to me:
`FilterInterface::filter($mixed): mixed;`.
Thanks,
Korvin
On Tue, Oct 4, 2016 at 7:39 AM Chris Riley wrote:
> Hi,
>
> I