Parser library variables escape & template includes #3640
I see what you're doing with escape by default, but that's a huge BC break and the escaping itself is not really sensible. Even otherwise, you should use a templating engine like Twig if you want such functionality. CI's Parser class is meant to be dead simple and if we start accepting changes like these, we're also dedicating ourselves to adding and supporting more and more templating features and that's just beyond our targets. In fact, I've thought a few times already about dropping the Parser class in favor of external templating engines for those same reasons, but that will probably happen in CI4.
@kakysha well, I don't want to create a flame here, but a PHP framework that does not use a templating engine that cares about escaping can be hacked in under 5 seconds.
@vojtatranta citation for hack claim?
@LouisMilotte well, you need a citation for it?
@vojtatranta CI's Parser library doesn't escape the output for you, either. It's relatively simple to override it to do so, but, in the end, you're really left to your own devices to secure output in CI.
@vojtatranta that's not a citation; citation please. edit: I'm not meaning to be an a$!. This is a new claim to me.
@mwhitneysdsu that's what I am talking about.
@vojtatranta more so as to why template engines resolve that. At this point it's probably best to just point me at one of these "engines" that achieve what you're talking about rather than flooding this issue log.
@LouisMilotte Very well, then the most commonly used in the PHP world is probably Smarty, or you can also use Mustache/Handlebars. Symfony relies on Twig, Laravel has a nice engine called Blade, and last but not least, the Czech framework Nette has an awesome templating library which I use in CI if I have something in legacy code; it's called Latte.
"I don't want to ... but here it is". You resurrected a 4-month-old discussion for the sake of argument. Please don't use our issue tracker as a forum board.
Added functionality for escaping data and including a template in another template.
{var} - prints escaped data
{{var}} - prints unescaped data
@include(template_name) - includes one view to another
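The tag syntax described above, as an added example in PHP (not the PR's own code or CodeIgniter's Parser): views live in a constructed in-memory array instead of view files, and the include nesting limit is an assumption.

```php
<?php
// Added example, not the PR's or CodeIgniter's code: a single-pass parser for
// the three tags described in this PR. {var} is HTML-escaped (safe default),
// {{var}} is emitted raw, and @include(name) renders another view inline.
// Views are held in an in-memory array (constructed) instead of view files.

function render(string $template, array $data, array $views, int $depth = 0): string
{
    // Assumed nesting limit so a view that includes itself cannot recurse forever.
    if ($depth > 10) {
        throw new RuntimeException('include nesting too deep');
    }

    // One regex with alternation: each tag is matched exactly once and the
    // substituted output is never rescanned, so a value containing "{x}"
    // is not expanded as a tag.
    return preg_replace_callback(
        '/@include\(([\w\/.-]+)\)|\{\{(\w+)\}\}|\{(\w+)\}/',
        function (array $m) use ($data, $views, $depth): string {
            if (isset($m[3]) && $m[3] !== '') {       // {var}: escaped output
                $value = (string)($data[$m[3]] ?? '');
                return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
            }
            if (isset($m[2]) && $m[2] !== '') {       // {{var}}: raw output
                return (string)($data[$m[2]] ?? '');
            }
            if (!isset($views[$m[1]])) {              // @include(name)
                throw new RuntimeException("unknown view {$m[1]}");
            }
            return render($views[$m[1]], $data, $views, $depth + 1);
        },
        $template
    );
}

// Constructed sample views and data.
$views = [
    'header' => '<h1>{title}</h1>',
    'page'   => "@include(header)\n<p>{comment}</p>\n<div>{{markup}}</div>",
];
$data = [
    'title'   => 'Tom & Jerry',
    'comment' => '<script>alert(1)</script>', // untrusted user input, escaped
    'markup'  => '<em>trusted markup</em>',    // developer-supplied HTML, raw
];

echo render($views['page'], $data, $views), "\n";
```

Running it shows the `{comment}` script tag neutralised by escaping while the `{{markup}}` value passes through untouched, which is exactly the trade-off the discussion above is about: raw output is opt-in per tag, not the default.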