tags:

views:

123

answers:

1
+1  Q: 

Pros and cons of escaping strategies in symfony

I am still not sure in that matter. While turned on we're quite safe but some other problems appear (with passing template variables or counting characters). On the other hand we have magic turned off, everything is clear, but we have to manually escape every variable (that come from untrusted source) in templates. By the way, non-magic solution is used in Ruby-on-Rails.

So the question is: when starting a new project in symfony do you disable escaping_strategy and why?

A: 

See the answer to this question for an opinion: http://stackoverflow.com/questions/2513185/symfony-doctrine-unserialize-in-action-vs-template

I would also like to see more information on this subject because it's not very clear.

Tom  2010-04-28 12:47:32

related questions

Regexp for quoted string with escaping quotes
Escape path separator in a regular expression
C# code to convert XHTML doc to plain text
system() copy fails, while cmd copy works
Colorize logs in eclipse console
Editing escaped code (for display)
Extra backslashes being added in PHP
Is there a way to escape a CDATA end token in xml?
Escaping ' in Access SQL
Escaping in a ILIKE query
Escaping a String from getting regex parsed in Java
Pass a PHP string to a Javascript variable (including escaping newlines)
Using Quotes within getRuntime().exec
How to insert a string which contains an "&"
PHP regex to remove multiple ?-marks
How can i parse a comma delimited string into a list (caveat)?
WPF and string formatting
How do I escape the wildcard/asterisk character in bash?
How do I escape a string inside javascript inside an onClick handler?
How to match a single quote in sed
How to escape text for regular expression in Java
How to escape XML content with XSL to safely output it as JSON?
How to escape < and > inside <pre> tags
How to escape os.system() calls in Python?
Escaping XML tag contents