Comments (3)
Good catch! That change was unintentional and I think we should fix it.
from smarty.
@timmit-nl the fix was easy enough, but thinking through this, I feel that the behavior of functions, block-tags and auto-escaping is under-defined. In any case, the documentation is rather vague about this. Many (but not all) of the built-in functions, such as {html_checkboxes} and {html_table} return html and are not auto-escaped in Smarty4. The same goes for the block plugins. But it feels rather arbitrary. What if your custom function or block tag produces valid HTML, but you need to auto-escape the result into a JSON string? Or vice versa?
It seems to me that function and block handlers should at least somehow indicate what they are returning, i.e. plain text, html, js, etc. That way, we would be able to apply auto-escaping when needed and refrain from it when not needed.
What do you think?
from smarty.
Yes, that could be great. Some functions should be escaped, some not.
The only thing is: how do you give the result back with the correct type? The type is in most cases (or always) a strict string. But how to differentiate is difficult at runtime.
But maybe when you register the function you tell what it is returning, and possibly an extra bool to force no escaping.
from smarty.
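The idea discussed in the comments above (a handler declares what it returns at registration, plus an optional flag to force no escaping), sketched as an added example that is not part of the thread and is not Smarty's API. `PluginRegistry`, its methods, the type names `text`/`html` and the contexts `html`/`json` are all hypothetical.

```php
<?php
// Hypothetical registry (not Smarty code): each handler declares the content
// type it returns; output is escaped only when that type does not already
// match the context it is being written into.
final class PluginRegistry
{
    /** @var array<string, array{0: callable, 1: string, 2: bool}> */
    private array $plugins = [];

    public function register(string $name, callable $handler, string $returns = 'text', bool $noEscape = false): void
    {
        if (!in_array($returns, ['text', 'html'], true)) {
            throw new InvalidArgumentException("unknown return type: $returns");
        }
        $this->plugins[$name] = [$handler, $returns, $noEscape];
    }

    public function call(string $name, array $params, string $context): string
    {
        if (!isset($this->plugins[$name])) {
            throw new InvalidArgumentException("unknown plugin: $name");
        }
        [$handler, $returns, $noEscape] = $this->plugins[$name];
        $out = (string) $handler($params);
        if ($noEscape) {
            return $out; // explicit opt-out: the handler owns its output safety
        }
        switch ($context) {
            case 'html': // declared HTML passes through, plain text is escaped
                return $returns === 'html'
                    ? $out
                    : htmlspecialchars($out, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            case 'json': // even valid HTML must be encoded to sit in a JSON string
                return json_encode($out, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
            default:
                throw new InvalidArgumentException("unknown context: $context");
        }
    }
}

$reg = new PluginRegistry();
// Default declaration: plain text, so it is escaped in an HTML context.
$reg->register('greet', fn(array $p) => 'Hello ' . $p['name']);
// Declares HTML; the handler escapes its own dynamic part.
$reg->register('bold', fn(array $p) => '<b>' . htmlspecialchars($p['text'], ENT_QUOTES, 'UTF-8') . '</b>', 'html');

$name = '<i>Tim</i> & Co'; // constructed sample input
echo $reg->call('greet', ['name' => $name], 'html'), "\n";   // text into HTML: escaped
echo $reg->call('bold', ['text' => 'a & b'], 'html'), "\n";  // HTML into HTML: passed through
echo $reg->call('bold', ['text' => 'a & b'], 'json'), "\n";  // HTML into JSON: encoded
```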