Commit
Removed logic that tried to avoid double-escaping
Because that's just not possible (have a look at the unit tests to see all possibilities -- as you will notice, there is no way we can determine the context and whether the data are already escaped or not). So, we always escape data, which means that sometimes, we will try to escape already escaped data. This is not a problem for everything except strings. That's because strings are not wrapped with an object like everything else (for performance reasons). This means that all escapers must be able to avoid double-escaping (that's the case for the default escapers as both htmlspecialchars() and htmlentities() have a flag that does just this).
Showing 3 changed files with 48 additions and 15 deletions.
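The behaviour the commit message relies on, as an added example that is not code from this commit or from the project: a string escaper that can be applied twice without changing the result, next to PHP's default double-encoding call. The function and class names (`escape_once`, `escape_always`, `escape_value`, `EscapedArray`) are hypothetical, the input strings are constructed, and PHP 8 is assumed.

```php
<?php
// Added illustration; every name below is hypothetical, not the project's API.

// String escaper that is safe to apply more than once: the fourth argument
// (double_encode = false) leaves existing entities such as &lt; untouched.
function escape_once(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

// Same call with PHP's default double_encode = true, for comparison.
function escape_always(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', true);
}

// Hypothetical marker object: a non-string value can be wrapped, so an
// "already escaped" check is possible for it. A bare string carries no marker.
final class EscapedArray
{
    public function __construct(public array $items) {}
}

function escape_value(mixed $value): mixed
{
    if ($value instanceof EscapedArray) {
        return $value;                       // already wrapped, skip
    }
    if (is_array($value)) {
        return new EscapedArray(array_map('escape_value', $value));
    }
    return is_string($value) ? escape_once($value) : $value;
}

$raw = '<a href="x">Tom & Jerry</a>';        // constructed sample input

$once  = escape_value($raw);
$twice = escape_value($once);                // second pass over escaped data
var_dump($once === $twice);                  // identical: no double-escaping
var_dump(escape_always($once) === $once);    // differs: every & is re-encoded

// Trade-off: input that already looks like an entity is passed through as is,
// so the browser renders the entity instead of the characters that were typed.
var_dump(escape_once('type &lt; for less-than'));
```

The last call shows the cost of this design: an escaper with double-encoding disabled cannot tell escaped output from raw input that happens to contain entity syntax.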
13f36b1
At the risk of saying something stupid: why not test for
is_object && class_implements("BaseEscaper")
when looping over the parameters while escaping..?
13f36b1
I don't understand your suggestion. Can you be a bit more explicit?
13f36b1
Never mind, it turned out I did say something stupid...
I was under the impression that every kind of value would be decorated with a BaseEscaper object.
If that were the case you could (as you do already for the ArrayDecorator and ObjectDecorator) test if the value that should be escaped wasn't decorated already.
But as it turns out, that's not the case here :-)