--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To post to this group, send an email to joomla-de...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-gene...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomla-dev-general?hl=en-GB.
> I've noticed both htmlspecialchars and $this->escape being
> used throughout the CMS. Is there a preference of one over the other? Are
> there times when one is better than the other?
The escape method depends on the view/document type. htmlspecialchars()
is suitable for HTML and maybe XML views, but not for fx. raw view,
where no escaping should happen. Other view (or document) types may
require totally different kinds of escaping.
So using JView::escape() is the better option.
Regards,
Niels
--
| http://barcamp-wk.de · 1. Barcamp Westküste 2./3. März 2012 |
| http://www.bsds.de · BSDS Braczek Software- und DatenSysteme |
| Webdesign · Webhosting · e-Commerce · Joomla! Content Management |
------------------------------------------------------------------
The escape method depends on the view/document type. htmlspecialchars()
is suitable for HTML and maybe XML views, but not for fx. raw view,
where no escaping should happen. Other view (or document) types may
require totally different kinds of escaping.
So using JView::escape() is the better option.
Ah, hence using both methods. Thanks for the clarification! I was finding it very confusing.Would be it safe to assume that $this->escape won't be deprecated at any point soon then?
> Are you suggesting that JView::escape() could be used everywhere, and in
> place of htmlspecialchars?
At the end, yes. I'm only concerned about, whether JView is the right
place for the method to be. I think, JDocument is more appropriate.
JView should just provide a proxy to the (not yet existing)
JDocument::escape(). That way, views and templates still can use
$this->escape(), and the escape method is available to modules and other
stuff.
> At the end, yes. I'm only concerned about, whether JView is the right
> place for the method to be. I think, JDocument is more appropriate.
> JView should just provide a proxy to the (not yet existing)
> JDocument::escape(). That way, views and templates still can use
> $this->escape(), and the escape method is available to modules and other
> stuff.
As far as I know it's still a possibility that JDocument is gonna get deprecated. I think in the next few week a discussion about a new MVC pattern will start in the platform. I suggest to bring this topic up again at that time.
Rouven
Could templates also use JView, therefore allowing a standardized method of escaping data?
Best,
Matt
Sent from my phone that uses an open source operating system.
--
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-general/-/fIeTRvit2KYJ.
Regards,
Andrew Eddie
http://learn.theartofjoomla.com - training videos for Joomla 1.7 developers
Regards,
Andrew Eddie
http://learn.theartofjoomla.com - training videos for Joomla 1.7 developers