Comments for Eli's Ramblings http://eliw.wordpress.com Random thoughts on random topics Wed, 25 Nov 2009 07:55:31 +0000 http://wordpress.com/ hourly 1 Comment on In Response to Fabien Potencier: Twig & PHP Templating by gaiz http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-326 gaiz Wed, 25 Nov 2009 07:55:31 +0000 http://eliw.wordpress.com/?p=131#comment-326 I strongly disagree your quote "you shouldn’t be escaping inside of your templating language." because if user enter incorrect input, page should re-enter the form and escaping is required. and "you should be handling all escaping as needed before the data gets to your template." Template engine should handle presentation layer, if template use for creating other format (not HTML), it must not escape, right? I strongly disagree your quote “you shouldn’t be escaping inside of your templating language.”
because if user enter incorrect input, page should re-enter the form and escaping is required.

and “you should be handling all escaping as needed before the data gets to your template.”

Template engine should handle presentation layer,
if template use for creating other format (not HTML), it must not escape, right?

]]> Comment on Interviewing Programmers by Why Coding Tests Are A Bad Interview Technique | BrandonSavage.net http://eliw.wordpress.com/2008/12/04/interviewing-programmers/#comment-325 Why Coding Tests Are A Bad Interview Technique | BrandonSavage.net Mon, 02 Nov 2009 05:00:38 +0000 http://eliw.wordpress.com/?p=100#comment-325 [...] application. This is absurd, for several reasons. Eli White spends a good deal of time arguing why coding tests are bad. I won’t rehash that [...] [...] application. This is absurd, for several reasons. Eli White spends a good deal of time arguing why coding tests are bad. I won’t rehash that [...]

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by 網站製作學習誌 » [Web] 連結分享 http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-324 網站製作學習誌 » [Web] 連結分享 Mon, 26 Oct 2009 10:58:23 +0000 http://eliw.wordpress.com/?p=131#comment-324 [...] In Response to Fabien Potencier: Twig & PHP Templating [...] [...] In Response to Fabien Potencier: Twig & PHP Templating [...]

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by Linktipps #16 :: Blackflash http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-320 Linktipps #16 :: Blackflash Sat, 10 Oct 2009 21:09:43 +0000 http://eliw.wordpress.com/?p=131#comment-320 [...] [...] [...] [...]

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by Webby Scripts In Response to Fabien Potencier: Twig & PHP Templating « Eli's … http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-319 Webby Scripts In Response to Fabien Potencier: Twig & PHP Templating « Eli's … Sat, 10 Oct 2009 13:10:02 +0000 http://eliw.wordpress.com/?p=131#comment-319 [...] the original here: In Response to Fabien Potencier: Twig & PHP Templating « Eli's … [...] [...] the original here: In Response to Fabien Potencier: Twig & PHP Templating « Eli's … [...]

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by Sandboxing PHP « Colateck http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-316 Sandboxing PHP « Colateck Fri, 09 Oct 2009 11:33:25 +0000 http://eliw.wordpress.com/?p=131#comment-316 [...] in PHP Eli White posted a response to a posting by Fabien Potencier about using PHP as a template language versus custom template [...] [...] in PHP Eli White posted a response to a posting by Fabien Potencier about using PHP as a template language versus custom template [...]

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by gggeek http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-315 gggeek Fri, 09 Oct 2009 08:02:11 +0000 http://eliw.wordpress.com/?p=131#comment-315 About variable escaping: the reason it has to be done by the templating language and not by the coder (either) is exactly the one you mention: it is too vital! You can look at it as layer for sending commands to an external system (the browser in this case), and the similarity with sql cannot escape you. Leaving it up to coders to avoid sql injection has historically been a recipe for doom, with the correct approach being usage of bind variables, where it's the api that does the escaping in a transparent way - they key word here is 'transparent', as Fabien correctly pointed out... About variable escaping: the reason it has to be done by the templating language and not by the coder (either) is exactly the one you mention: it is too vital!
You can look at it as layer for sending commands to an external system (the browser in this case), and the similarity with sql cannot escape you. Leaving it up to coders to avoid sql injection has historically been a recipe for doom, with the correct approach being usage of bind variables, where it’s the api that does the escaping in a transparent way – they key word here is ‘transparent’, as Fabien correctly pointed out…

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by Daily Digest for 2009-10-08 | Pedro Trindade http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-314 Daily Digest for 2009-10-08 | Pedro Trindade Fri, 09 Oct 2009 07:01:59 +0000 http://eliw.wordpress.com/?p=131#comment-314 [...] In Response to Fabien Potencier: Twig & PHP Templating « Eli’s Ramblings [...] [...] In Response to Fabien Potencier: Twig & PHP Templating « Eli’s Ramblings [...]

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by Ben Dunlap http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-313 Ben Dunlap Thu, 08 Oct 2009 17:48:32 +0000 http://eliw.wordpress.com/?p=131#comment-313 "It’s the common curse of the templating language. It starts as simple. But as people need to perform more complicated tasks..." In other words, Greenspun's Tenth Rule -- web edition. “It’s the common curse of the templating language. It starts as simple. But as people need to perform more complicated tasks…”

In other words, Greenspun’s Tenth Rule — web edition.

]]> Comment on In Response to Fabien Potencier: Twig & PHP Templating by Eli http://eliw.wordpress.com/2009/10/07/in-response-to-fabien-potencier-twig-php-templating/#comment-312 Eli Thu, 08 Oct 2009 16:19:14 +0000 http://eliw.wordpress.com/?p=131#comment-312 Hey notjosh, Thanks for your reply! In quick response though: Yes, I've done a lot of templating code. And yes, I personally find that foreach much easier to maintain, than many of the other options that have been presented. I did grasp his notions, and they are good notions, I stated that. Yes, Fabien wasn't the original author, he stated that. But he also stated that he rewrote huge swaths of the code, and it's now a Sensio Labs project. As far as short tags being a 'pretty horrible practice', I think you missed my point. You are correct that many experts, authors, speakers, etc all tout the line that short tags are of the devil. Heck, I do it myself. But at the same time, a very large swath of the PHP using populace, while shunning , in fact love and cherish for templating. To the point that some of us have been considering adding a separate language option to enable just it. Thanks again for your comment! Hey notjosh, Thanks for your reply! In quick response though:

Yes, I’ve done a lot of templating code. And yes, I personally find that foreach much easier to maintain, than many of the other options that have been presented.

I did grasp his notions, and they are good notions, I stated that. Yes, Fabien wasn’t the original author, he stated that. But he also stated that he rewrote huge swaths of the code, and it’s now a Sensio Labs project.

As far as short tags being a ‘pretty horrible practice’, I think you missed my point. You are correct that many experts, authors, speakers, etc all tout the line that short tags are of the devil. Heck, I do it myself. But at the same time, a very large swath of the PHP using populace, while shunning , in fact love and cherish for templating. To the point that some of us have been considering adding a separate language option to enable just it.

Thanks again for your comment!

]]>