Comments (3)
Good catch! That change was unintentional and I think we should fix it.
from smarty.
@timmit-nl the fix was easy enough, but thinking through this, I feel that the behavior of functions, block-tags and auto-escaping is under-defined. In any case, the documentation is rather vague about this. Many (but not all) of the built-in functions, such as {html_checkboxes}
and {html_table}
return html and are not auto-escaped in Smarty4. The same goes for the block plugins. But it feels rather arbitrary. What if your custom function or block tag produces valid HTML, but you need to auto-escape the result into a JSON string? Or vice versa?
It seems to me that function and block handlers should at least somehow indicate what they are returning, i.e. plain text, html, js, etc. That way, we would be able to apply auto-escaping when needed and refrain from it when not needed.
What do you think?
from smarty.
Yes that could be great. Some functions should be escaped, some not.
The only thing is, how do you give the result back, with the correct type. The type is in most cases (or always) a strict string. But how to differentiate is difficult on runtime.
But maybe when you register the function you tell what is is returning and possible an extra bool to force no escaping.
from smarty.
Related Issues (20)
- Referencing native php classes within namespace without define global namespace
- Website www.smarty.net hacked? HOT 3
- Shorthand Syntax HOT 1
- Smarty::setExtensions() killing registered filters HOT 6
- CPU spikes in prod every 5 minutes with Smarty v5 HOT 6
- Suggestion: {namspace} compile tag
- PHP Deprecated: Using Smarty::loadFilter() to load filters is deprecated and will be removed in a future release.
- Smarty v5 $smarty.template behavior doesn't match v5 documentation (it now includes a type and directory part)
- Smarty v5 built-in json_encode modifier doesn't take Smarty $_CHARSET encoding into account, and can't be overridden using registerPlugin() HOT 18
- value and name of backed enums
- use a trailing comma in arrays HOT 1
- Smarty_Internal_Template::render(): Cannot use output buffering in output buffering display handlers HOT 7
- Support nullsafe operator HOT 2
- Fatal error: Uncaught --> Smarty: Unable to write file [file_path] thrown in C:\[project_path]\vendor\smarty\smarty\src\Smarty.php on line 1732 HOT 6
- Smarty5: {config_load config variables not available in all templates HOT 1
- getTemplateVars - why the change in return signature in smarty 5? HOT 2
- PHP 8.3 problem in Template->appendCode() in Smarty 5
- Variable as a parameter in Smarty 5 HOT 7
- Smarty 4.5.2 template generation causes PHP Warning: Array to string conversion error HOT 1
- Smarty5: installation without composer HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from smarty.