2010年10月29日星期五

Re: [fw-mvc] Auto HTML escaper module for Zend_View.

-- chikaram <chikara.miyake@gmail.com> wrote
(on Friday, 29 October 2010, 06:23 AM -0700):
> I love ZendFramework and I wanted my team use it.
> But that you couldn't escape vars in view automatically was its biggest
> drawbacks.
>
> So I write this - auto HTML escaper module for Zend_View:
> http://github.com/chikaram/gnix-view

You may be interested in work I've been doing on Zend\View in ZF2. In
that component, I'm separating variable storage into a separate object
-- which makes auto-escaping trivial:

echo $this->vars('foo'); // escaped
echo $this->vars()->getRawValue('foo'); // unescaped

It's also configurable, allowing you to disable auto-escaping if a
particular context does not require it:

$this->vars()->setIsStrict(false);
echo $this->vars('foo'); // unescaped

In ZF1, the only way to do auto-escaping requires extending Zend_View
and doing some hackery in __get and getVars (and optionally __set).
While it's do-able, it's non-trivial.

> It's been working well on a medium-scale project - about 45,000SLOC, 900M
> PVs/Month.
> We are very happy because we don't need to bother with writing
> $this->escape() all the time we use view variables.
>
> If you are interested, please use it and let me know how you feel.

--
Matthew Weier O'Phinney
Project Lead | matthew@zend.com
Zend Framework | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

没有评论: