On 1/23/08 2:33 PM, "Rob Marscher" <[EMAIL PROTECTED]> wrote:
> On Jan 23, 2008, at 2:01 PM, Cliff Hirsch wrote: >> On 1/23/08 1:54 PM, "John Campbell" <[EMAIL PROTECTED]> wrote: >>> If there is a separation between the programmer and the template >>> editor, it presents another problem. Who is responsible for escaping >>> the data? > > I decided that the view/template has to be responsible for escaping. I can't see how it can't be a mix. What if your variable intentionally has markup? Some content may allow, and intentionally have, simple markup like <b>, <ul/li>, <br> etc. Escaping this variable in the template would not be a good thing. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
