kostache and html::chars
  • I just stumbled upon Zombor's fix for mustache:

    http://github.com/zombor/mustache.php/commit/09f32cb85384768b2b81927e264444b3f630b2c2

    Does this mean we can't use html::chars with mustache because it already does it for us? I'm not sure I like this behind the scene behaviour, or did I miss something? Just wondering, since it seems to be that you don't always want to escape your html?

    Are there any other routines run in the background that we should know about?
  • There's a discussion in the "template engine scene" that all output should be escaped. Most developers forget this, so some think it should be done out of the box and the developer has to define where he doesn't want it (if the output comes from a secure source).

    Doing the Poka-Yoke explains it a bit.
  • Interesting. Especially since the view isn't necessarily going to be HTML. Maybe there needs to be a step between the view class and the template. We could then prepare the data differently for a HTML template and an EXCEL one for example.

    view class -> output preparation (depending on template type) -> template
  • Well yeah, the template should be responsible for that.

    If it's HTML you put HTML::chars($foo) yourself into the template or have "magic" functions.

    Probably you have to turn the template into an object or create special view classes like zombor in kohana-view.


    $this->template->content = new View_Category; // View::factory('category');

    class View_Category extends View_HTML {}

    class View_HTML {
    // contains escaping
    }
  • Mustache escapes the output by default, but you can specify if you don't want a variable escaped by enclosing it in triple braces:
    {{{form_element}}}
  • or you can turn it off on the class level iirc.
  • Or you can use the & command (unescape):

    {{& not_escaped}}
  • That's the same as the three-braced example above.
  • Thanks guys.
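
Added example, not part of the thread and not mustache.php's own code: a small stand-in renderer in PHP showing the behaviour discussed above, namely that a default `{{tag}}` escapes, that `{{{tag}}}` and `{{& tag}}` do not, and that calling HTML::chars in the view class as well double-encodes the value. `render_tags` and `escape_html` are hypothetical names; `escape_html` is assumed to behave like HTML::chars, and the sample data is constructed.

```php
<?php
// Added illustration, not mustache.php: a tiny renderer for three tag forms,
// mirroring the escaping rules described in the thread.

function escape_html(string $value): string
{
    // Assumption: stands in for Kohana's HTML::chars() and the engine's default escape.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function render_tags(string $template, array $data): string
{
    // Alternatives are tried in order: {{{name}}}, then {{& name}}, then {{name}}.
    $pattern = '/\{\{\{\s*(\w+)\s*\}\}\}|\{\{&\s*(\w+)\s*\}\}|\{\{\s*(\w+)\s*\}\}/';

    return preg_replace_callback($pattern, function (array $m) use ($data): string {
        $triple = $m[1] ?? '';
        $amp    = $m[2] ?? '';
        $plain  = $m[3] ?? '';
        $raw    = ($triple !== '' || $amp !== '');
        $name   = $triple !== '' ? $triple : ($amp !== '' ? $amp : $plain);
        $value  = (string) ($data[$name] ?? '');   // missing keys render as empty

        return $raw ? $value : escape_html($value);
    }, $template);
}

// Constructed sample data: one untrusted value, one trusted fragment built by the app.
$data = [
    'comment'      => '<script>alert(1)</script> Tom & Jerry',
    'form_element' => '<input type="text" name="q">',
];

// 1. Default tag: untrusted text is escaped by the renderer.
echo render_tags("<p>{{comment}}</p>\n", $data);
// 2. Triple braces and & both emit the value unescaped (trusted markup only).
echo render_tags("{{{form_element}}}\n{{& form_element}}\n", $data);
// 3. Escaping in the view class AND in the template double-encodes the text.
$pre = ['comment' => escape_html($data['comment'])];
echo render_tags("<p>{{comment}}</p>\n", $pre);
// 4. Raw tag on untrusted input: the markup reaches the page unescaped.
echo render_tags("<p>{{{comment}}}</p>\n", $data);
```

Case 3 is the answer to the original question: with default escaping on, values should reach the template unescaped, and the raw forms should be kept for markup the application itself generated.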
