Devs,

From what I understand, r8201 sets the default escaping to 'off'. And either
I don't fully understand it, or it will break a lot of applications with no
possibility to upgrade, and for several reasons:

 - Some plugins use $sf_data->getRaw() in templates to deal with escaping
properly when required. But with escaping set to off by default, $sf_data
doesn't exist, does it? So these plugins will break. And this will force
plugin writers to review their code entirely to make it work in both cases
(either by detecting escaping before every escape, or by providing two
versions of the plugins). This is such a lot of work that I'm pretty sure
many developers will not do it, reducing the number of 1.1 compatible
plugins drastically.

 - Applications that currently rely on 'bc' will get an exception when
upgrading. Now, if they do want to use some pieces of code with escaping,
they will have no choice but to switch to 'both', and that will probably
break their applications in a lot of places with no easy upgrade path.

So my question is: Is the purpose of improved security a good enough reason
to make the upgrade to 1.1 much harder?

François
