Sunday, October 31, 2010

[fw-mvc] Re: Auto HTML escaper module for Zend_View.

Andy,

I knew I could parse and replace view files with Zend_View_Stream. But I
thought it was very slow.

But after I tested it myself, I changed my mind. (Please check my other
reply.) I must admit your way is more practical and less buggy.

In my opinion, what's important is that all values are escaped by default,
so that we do not forget to put an escape flag on suspicious values.

<?= $this->foo; ?> // escaped
<?=~ $this->foo; ?> // raw value

Chikara

--
View this message in context: http://zend-framework-community.634137.n4.nabble.com/Auto-HTML-escaper-module-for-Zend-View-tp3019090p3020913.html
Sent from the Zend MVC mailing list archive at Nabble.com.
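
Added example, not part of the original message and not Zend Framework code: a sketch of the escape-by-default rewrite discussed above, where the plain echo tag is compiled to an escaped echo and the "~" form to a raw echo. The names rewriteEchoTags and DemoView are hypothetical, and the template and value are constructed sample input.

```php
<?php
// Added example (not Zend Framework code): escape-by-default echo tags.

/** Hypothetical rewriter applied to view source before it is included. */
function rewriteEchoTags(string $source): string
{
    // Group 1: optional "~" raw marker. Group 2: the echoed expression.
    // Regex limitation: an expression containing a PHP close tag inside a
    // string literal is not handled; a tokenizer would be needed for that.
    return preg_replace_callback(
        '/<\?=(~?)\s*(.*?)\s*;?\s*\?>/s',
        function (array $m): string {
            return $m[1] === '~'
                ? "<?php echo {$m[2]}; ?>"
                : "<?php echo \$this->escape({$m[2]}); ?>";
        },
        $source
    );
}

/** Hypothetical stand-in for a view object with an escape() method. */
class DemoView
{
    public $foo;

    public function escape($value): string
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    public function render(string $template): string
    {
        $file = tempnam(sys_get_temp_dir(), 'view');
        file_put_contents($file, rewriteEchoTags($template));
        ob_start();
        try {
            include $file; // $this is in scope inside the included template
        } finally {
            unlink($file);
        }
        return ob_get_clean();
    }
}

$view = new DemoView();
$view->foo = '<script>alert(1)</script>'; // constructed sample value
// Constructed template using both tag forms from the message above.
echo $view->render("<p><?= \$this->foo; ?></p>\n<p><?=~ \$this->foo; ?></p>\n");
```

The first paragraph of the output carries the value HTML-escaped; the second carries it unchanged, which is why the raw form has to be the explicit, visible exception in a template.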
