(on Friday, 30 January 2009, 09:24 AM -0600):
> I'm new to ZF and to some of the concepts of OO type systems in general, though
> I've used PHP for quite some time. So, my apologies if this is really basic,
> but how can I efficiently create a replacement for $this->escape() that would
> still use all of the settings (like SetEscape(), etc) but be named $this->e()
> or $this->esc(), just for cleaner view files (with the caveat that $this->e()
> isn't as immediately understandable as $this->escape()).

This last point is why we have named the method escape() - to ensure
it's immediately apparent what the method does.

> Do I need to extend Zend_View and change how the whole MVC system works or is
> there some other way?

As somebody else noted, you can extend Zend_View, or also write a helper
to do this.

One idea we're playing around with is to make escaping the default for
ZF 2.0 -- in other words, shift from selectively escaping to selectively
using the raw value. This is a better practice when you consider the
security mantra, "Filter input, escape output," as it acts as a
poka-yoke -- it does the right thing by default, but gives you the
option of explicitly asking for the more dangerous alternative.
--
Matthew Weier O'Phinney
Software Architect | matthew@zend.com
Zend Framework | http://framework.zend.com/
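
Added example (not part of the original message and not Zend Framework code): a minimal sketch of the escape-by-default idea discussed above, with the short `e()` alias from the question delegating to `escape()`. The class `AutoEscapeView` and its `raw()` method are hypothetical names, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical class: illustrates escape-by-default, not a Zend Framework API.
final class AutoEscapeView
{
    /** @var array<string, mixed> */
    private array $vars = [];

    public function __construct(private string $encoding = 'UTF-8') {}

    public function __set(string $name, mixed $value): void
    {
        $this->vars[$name] = $value;
    }

    // Default read path: $view->name always comes back escaped.
    public function __get(string $name): string
    {
        return $this->escape($this->vars[$name] ?? '');
    }

    public function escape(mixed $value): string
    {
        if (!is_scalar($value) && $value !== null && !$value instanceof Stringable) {
            throw new InvalidArgumentException('Only scalar or stringable values can be escaped');
        }
        // ENT_QUOTES covers both quote styles, so the result also fits quoted attribute values.
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $this->encoding);
    }

    // Short alias from the question; it shares escape()'s settings by delegating to it.
    public function e(mixed $value): string
    {
        return $this->escape($value);
    }

    // The explicit, greppable opt-out for markup that is already trusted.
    public function raw(string $name): string
    {
        return (string) ($this->vars[$name] ?? '');
    }
}

$view = new AutoEscapeView();
$view->comment = '<script>alert(1)</script>';   // constructed untrusted input
$view->banner  = '<em>Reviewed markup</em>';    // constructed trusted markup

echo '<p>', $view->comment, "</p>\n";           // escaped without the template asking
echo '<div>', $view->raw('banner'), "</div>\n"; // raw only because the template asked
echo '<p>', $view->e('Tom & "Jerry"'), "</p>\n";
```

Because the unescaped path exists only behind `raw()`, a code review can search templates for that one call to find every place where markup bypasses escaping.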