-
-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider encoding everything by default #42
Comments
Good idea! |
Yes. That is true. |
|
General pattern now:
|
It is quite logical as it is and results in not that verbose syntax in templates. If we'll change it we'll have to turn encoding off for majority of simple tags all the time: Html::p('This was a <strong>strong</strong> feeling.', ['encode' => false]); That will likely result in:
Both are alright. |
"no way to disable/enable it" sounds not good. Especially to disable, because when it disabled by default, we can use Html::p('Some text', [
'encode' => false
]); Then use: $encode = ArrayHelper::remove($options, 'encode', true); Please, do not force encoding with no way to disable it. |
If you give a good use case to not encode attributes, I am sure it will be changed. |
Sure, you can imagine good case, to not make things imposdible to disable. |
Nope, never came across one. |
@dicrtarasov of course, we want it to be configurable i.e. you will be able to disable encoding. |
@Mister-42 the use-case to disable encoding is when you need some HTML. For example, Html::p('Hello, <strong>' . Html::encode($username). '</strong>!', [
'encode' => false
]); |
No dispute there, but as you were specific about 'always encode attributes' that is what I replied on. Your example also does not contain attributes and is as such not a use case for my question. |
Ah, right. For attribute values I have no idea why disabling encoding might make sense. @dicrtarasov do you have any? |
I completely agree. |
See yiisoft/yii2#18404. In Yii 3 we can change it safely.
The text was updated successfully, but these errors were encountered: