On Nov 21, 4:01 pm, Fabien Potencier <fabien.potenc...@gmail.com> wrote: > Thanks all for the feedback. > > Here is what I propose to do: > > * remove the Output Escaper component to a standalone repo on > Github (so that if someone want to take over the maintenance, that's > possible) > * remove all usage of the Output Escaper component in > FrameworkBundle > * add functions/methods to ease manual escaping > * update documentation to compare Twig/PHP features and emphasize > the pros and cons of each solution > > Before I start, I need to know what kind of functions/methods we add > to ease manual escaping. > > Do we add a helper? > > $view['escaper']->escape($var, 'html') > > That's the more "natural" thing to do but as you can see, this is > really verbose. > > Do we add functions? If so, what's the difference with the standard > htmlentities/htmlspecialchars PHP functions?
The solution is actually much simpler than that as we already have an escape() method in the Engine. I've just made it more powerful (context aware), and that's all there is to it really. I have committed the code and updated the documentation accordingly. Fabien -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
