Tuesday, December 1, 2009

Re: [fw-mvc] Zend_View escape helper

-- DeNix <denis@voronezh.net> wrote
(on Tuesday, 01 December 2009, 10:48 AM -0800):
> I would like to share some ideas about escaping variables in Zend_View
> I've made a view helper which works as a proxy to main view object and
> escapes variables and view helpers output

You can already call escape() on view helper output (since view helpers
should return strings typically anyways...):

    echo $this->escape($this->placeholder('foo')->__toString());

(Though why you'd escape the value of a placeholder, which often
contains markup, is beyond me...)

You can also already specify an alternate callback for escaping:

    $view->setEscape($callback);

About the only thing I'm seeing in your proposal that's new is:

* recursive escaping of arrays
* auto-calling of __toString() on objects

The first, recursive escaping, is a little problematic, but could be
useful to incorporate in Zend_View; the latter would be as well.

I'd recommend creating a proposal for adding these features to Zend_View.

> so instead of
>
> <?php echo $this->escape($this->someVar)?>
> <?php echo $this->escape($this->placeholder('foo'))?>
> <ul>
> <?php foreach ($this->items as $id => $name):?>
> <li><?php echo $this->escape($name)?></li>
> <?php endforeach;?>
> </ul>
>
>
> you can write
>
> <?php echo $this->escaped()->someVar?>
> <?php echo $this->escaped()->placeholder('foo')?>
> <ul>
> <?php foreach ($this->escaped()->items as $id => $name):?>
> <li><?php echo $name?></li>
> <?php endforeach;?>
> </ul>
>
> here is the code
>
> class My_View_Helper_Escaped extends Zend_View_Helper_Abstract
> {
>
>     public function escaped()
>     {
>         return $this;
>     }
>
>     public function __get($key)
>     {
>         return $this->_escape($this->view->$key);
>     }
>
>     public function __call($name, $arguments)
>     {
>         $result = call_user_func_array(array($this->view, $name),
>             $arguments);
>         return $this->view->escape($result);
>     }
>
>     private function _escape($var)
>     {
>         if (is_scalar($var)) {
>             $this->_escapeCallback($var);
>         } else if (is_array($var)) {
>             $this->_escapeArray($var);
>         } else if (is_object($var)) {
>             $this->_escapeObject($var);
>         }
>
>         return $var;
>     }
>
>     private function _escapeArray(&$array)
>     {
>         array_walk_recursive($array, array($this, '_escapeCallback'));
>     }
>
>     private function _escapeObject(&$object)
>     {
>         $objectVars = get_object_vars($object);
>         foreach ($objectVars as $key => $var) {
>             $object->$key = $this->_escape($var);
>         }
>     }
>
>     private function _escapeCallback(&$item, $key = null)
>     {
>         $item = $this->view->escape($item);
>         return $item;
>     }
>
> }
>
> it's just a first draft, didn't code any test cases yet
> so before adding proposal to wiki, I'm looking for community comments
>
> Thanx
> Denis
> --
> View this message in context: http://n4.nabble.com/Zend-View-escape-helper-tp932418p932418.html
> Sent from the Zend MVC mailing list archive at Nabble.com.
>

--
Matthew Weier O'Phinney
Project Lead | matthew@zend.com
Zend Framework | http://framework.zend.com/
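
Added example, not code from this thread or from Zend Framework: one way to get the two behaviours listed in the reply (recursive escaping of arrays, and casting objects through __toString()) while returning an escaped copy, so the values assigned to the view are never modified and a second pass cannot double-escape them. `escapeDeep()` and `Label` are hypothetical names, the sample data is constructed, and `htmlspecialchars()` is assumed as a stand-in for the view's configured escape callback.

```php
<?php
// Added example: escapeDeep() and Label are hypothetical names.
// htmlspecialchars() stands in for the view's configured escape callback.

function escapeDeep($value, callable $escape, $depth = 0)
{
    if ($depth > 16) {
        // Bound recursion so deeply nested input cannot exhaust the stack.
        throw new RuntimeException('escapeDeep: nesting too deep');
    }
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            // Keys are copied as-is: a template that prints keys must still escape them.
            $out[$key] = escapeDeep($item, $escape, $depth + 1);
        }
        return $out;
    }
    if (is_object($value)) {
        if (method_exists($value, '__toString')) {
            return $escape((string) $value);
        }
        // Refuse rather than emit an unescaped or half-escaped object.
        throw new InvalidArgumentException('cannot escape ' . get_class($value));
    }
    return is_string($value) ? $escape($value) : $value; // numbers, bools, null pass through
}

final class Label
{
    private $text;
    public function __construct($text) { $this->text = $text; }
    public function __toString() { return $this->text; }
}
$escape = function ($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
};

// Constructed sample data, standing in for values assigned to a view.
$items = array(
    7 => '<em>Tom</em> & "Jerry"',
    8 => array('nested' => "O'Reilly <admin>"),
    9 => new Label('<b>bold</b>'),
);

$first  = escapeDeep($items, $escape);
$second = escapeDeep($items, $escape); // $items is untouched, so both passes match
var_dump($first === $second);
print_r($first);
```

Values that already contain intended markup, such as placeholder output, should not be routed through a helper like this, since escaping them turns the markup into visible text.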
