I write plugins which other people use in their Symfony apps.
They might be using any of the possible escaping_strategy settings.
I need a consistent way to access the escaped and non-escaped forms of
the variables and request fields, REGARDLESS of that setting, because
I don't want to force a particular setting on third-party devs but I
don't want to fail to escape things properly either.
The documentation says that $sf_data is only defined for certain
escaping strategies.
Writing this everyplace I need raw access:
isset($sf_data) ? $sf_data->getRaw('foo') : $foo
Is not practical. Neither is:
isset($sf_data) ? $sf_data->get('foo') : htmlspecialchars($foo)
In all the places where I DO want escaping.
Is there a clean way to do this? Should I require users of my plugins
to use the 'bc', 'on', 'or 'both' strategies and specifically refuse
to support 'off'? This might not be too awful, since 'bc' is the
default, but I'd hate to tell people they can't choose an escaping
strategy of their choice in their own code for performance reasons, as
the documentation says.
Maybe I can specify an alternate escaping strategy on a per-module
basis somehow?
Any help appreciated, thanks!
--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
