Bug #1929

HTMLSPECIALCHAR OUTPUT

Added by Sebastian Kurfuerst almost 13 years ago. Updated about 11 years ago.

Status:
Resolved
Priority:
Must have
Category:
-
Target version:
Start date:
2008-10-31
Due date:
% Done:

100%

Estimated time:
Has patch:

Description

HTMLSpecialChar has to be switched on somewhere (where?), and then each view helper will automatically htmlspecialchar the output coming from ObjectAccessors. ("render"-method in ObjectAccessor)

#1

Updated by Thomas Allmer over 12 years ago

I'm just curious - who will needs this?

I mean we all should use UTF-8 right?

#2

Updated by Sebastian Kurfuerst over 12 years ago

The problem is the following:
- if someone writes something like {customer.name}, then sometimes HTML output should be escaped... The question is how to do this nicely.

Greets,
Sebastian

#3

Updated by Bastian Waidelich over 12 years ago

IMHO this should not be done globally. In some cases you don't want to htmlspecialchar variables.
Besides, Fluid should not only work for HTML/XML based templates. So what about

<f3:format.escape>{customer.name}</f3:format.escape>
or {f3:format.escape(customer.name)}
or {customer.name, f3:format.escape}

on the other hand.. maybe it should be a default and possibly be switched off if needed..

#4

Updated by Sebastian Kurfuerst over 12 years ago

  • Category set to 444
  • Status changed from New to Accepted
  • Priority changed from Should have to Must have
#5

Updated by Sebastian Kurfuerst over 12 years ago

  • Target version set to 1.0.0 alpha 1
#6

Updated by Sebastian Kurfuerst over 12 years ago

  • Status changed from Accepted to Resolved
  • Assignee set to Sebastian Kurfuerst
  • % Done changed from 0 to 100
  • Branch set to v5

resolved

Also available in: Atom PDF