[nycphp-talk] Templating engines
Daniel Convissor
danielc at analysisandsolutions.com
Wed Jan 23 17:34:01 EST 2008
On Wed, Jan 23, 2008 at 01:54:43PM -0500, John Campbell wrote:
>
> If there is a separation between the programmer and the template
> editor, it presents another problem. Who is responsible for escaping
> the data?
>
> Do you do:
> {$user.first_name|escape} {$user.last_name|escape}
Here, the folks use a customized class that extends Smarty. Our
constructor adds a default_modifier. This way _all_ variables
automatically get escaped, unless a given template specifically says to
get the variable with nodefaults.
http://www.smarty.net/manual/en/variable.default.modifiers.php
Here's how we do it, specifically, in the __construct() method:
$this->register_modifier('myescape', array($this, 'myescape'));
$this->default_modifiers = array('myescape');
Then there's a myescape() method in the class.
>From the manual, it seems one could just rely on Smarty's escape
mechanism by just doing this in the constuctor:
$this->default_modifiers = array('escape:html');
Now there's no guessing, no need to write "|escape" in each variable use
and no manually escaping the stuff in your PHP.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
More information about the talk
mailing list