On Fri, Apr 25, 2008 at 2:51 PM, Nathan Nobbe <quickshiftin@xxxxxxxxx> wrote:
> class OutputEscaper {

I dunno man. I have an escape() method on different classes such as View (which can be told to use htmlspecialchars/entities), DB, etc.

This way you know you're doing $view->escape() or $db->escape() instead of some generic thing. I think it helps me realize the context a bit more than a stand-alone escaper that doesn't know the details of what database I'm using or my target x/html output.

You could then argue that if you're trying to output user values in HTML you should be working with something like htmlpurifier anyways. But there are only so many hours in the day...

But back to the original point, you're cheating because you have instances there, not static calls! :P
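
The per-context escaping discussed in this message, as an added example that is not part of the original post or anyone's code from the thread. The class names View and Db, the comments table, the in-memory SQLite connection and the sample input are assumptions made for illustration; it targets PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical classes mirroring the $view->escape() / $db->escape() split.
final class View
{
    public function __construct(private string $charset = 'UTF-8') {}

    // HTML text/attribute context: neutralise markup metacharacters and quotes.
    public function escape(string $value): string
    {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $this->charset);
    }
}

final class Db
{
    public function __construct(private PDO $pdo) {}

    // SQL string-literal context: the quoting rules come from the driver in use.
    public function escape(string $value): string
    {
        return $this->pdo->quote($value);
    }

    // Bound parameters keep the value out of the SQL text entirely.
    public function insertComment(string $body): void
    {
        $this->pdo->prepare('INSERT INTO comments (body) VALUES (?)')->execute([$body]);
    }
}

$pdo = new PDO('sqlite::memory:'); // assumed driver, so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (body TEXT)');

$view = new View();
$db   = new Db($pdo);

$input = "O'Reilly <b>bold</b> & co"; // constructed sample input

// Store the raw value; escape only at the point of output, for that output's context.
$db->insertComment($input);
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();

echo $db->escape($input), PHP_EOL;    // form suitable inside a SQL statement
echo $view->escape($stored), PHP_EOL; // form suitable inside an HTML page

// Cross-context check: does markup survive when only SQL quoting was applied?
var_dump(str_contains($db->escape($input), '<b>'));
```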