Bug #1929
HTMLSPECIALCHAR OUTPUT
Status: | Resolved | Start date: | 2008-10-31 | |
---|---|---|---|---|
Priority: | Must have | Due date: | ||
Assigned To: | Sebastian Kurfuerst | % Done: | 100% |
|
Category: | - | |||
Target version: | 1.0.0 alpha 1 | |||
Has patch: | Affected Flow version: |
Description
HTMLSpecialChar has to be switched on somewhere (where?), and then each view helper will automatically htmlspecialchar the output coming from ObjectAccessors. ("render"-method in ObjectAccessor)
History
#1 Updated by Thomas Allmer over 6 years ago
I'm just curious - who will needs this?
I mean we all should use UTF-8 right?
#2 Updated by Sebastian Kurfuerst over 6 years ago
The problem is the following:
- if someone writes something like {customer.name}, then sometimes HTML output should be escaped... The question is how to do this nicely.
Greets,
Sebastian
#3 Updated by Bastian Waidelich over 6 years ago
IMHO this should not be done globally. In some cases you don't want to htmlspecialchar variables.
Besides, Fluid should not only work for HTML/XML based templates. So what about
<f3:format.escape>{customer.name}</f3:format.escape>
or
{f3:format.escape(customer.name)}
or
{customer.name, f3:format.escape}
on the other hand.. maybe it should be a default and possibly be switched off if needed..
#4 Updated by Sebastian Kurfuerst about 6 years ago
- Category set to 444
- Status changed from New to Accepted
- Priority changed from Should have to Must have
#5 Updated by Sebastian Kurfuerst about 6 years ago
- Target version set to 1.0.0 alpha 1
#6 Updated by Sebastian Kurfuerst about 6 years ago
- Status changed from Accepted to Resolved
- Assigned To set to Sebastian Kurfuerst
- % Done changed from 0 to 100
- Branch set to v5
resolved