I would like to share some ideas about escaping variables in Zend_View
I've made a view helper wich works as a proxy to main view object and
escapes variables and view helpers output
so instead of
<?php echo $this->escape($this->someVar)?>
<?php echo $this->escape($this->placeholder('foo'))?>
<ul>
<?php foreach ($this->items as $id => $name):?>
<il><?php echo $this->escape($name)?></li>
<?php endforeach;?>
</ul>
you can write
<?php echo $this->escaped()->someVar?>
<?php echo $this->escaped()->placeholder('foo')?>
<ul>
<?php foreach ($this->escaped()->items as $id => $name):?>
<il><?php echo $name?></li>
<?php endforeach;?>
</ul>
here is the code
class My_View_Helper_Escaped extends Zend_View_Helper_Abstract
{
public function escaped()
{
return $this;
}
public function __get($key)
{
return $this->_escape($this->view->$key);
}
public function __call($name, $arguments)
{
$result = call_user_func_array(array($this->view, $name),
$arguments);
return $this->view->escape($result);
}
private function _escape($var)
{
if (is_scalar($var)) {
$this->_escapeCallback($var);
} else if (is_array($var)) {
$this->_escapeArray($var);
} else if (is_object($var)) {
$this->_escapeObject($var);
}
return $var;
}
private function _escapeArray(&$array)
{
array_walk_recursive($array, array($this, '_escapeCallback'));
}
private function _escapeObject(&$object)
{
$objectVars = get_object_vars($object);
foreach ($objectVars as $key => $var) {
$object->$key = $this->_escape($var);
}
}
private function _escapeCallback(&$item, $key = null)
{
$item = $this->view->escape($item);
return $item;
}
}
it's just a first draft, didn't code any test cases yet
so before adding proposal to wiki, I'm looking for community comments
Thanx
Denis
--
View this message in context: http://n4.nabble.com/Zend-View-escape-helper-tp932418p932418.html
Sent from the Zend MVC mailing list archive at Nabble.com.
没有评论:
发表评论