A week or two ago I just started using Zend Framework seriously and have had trouble escaping manually with Zend_View::escape(). Does anyone knows how to escape vars in templates (Zend_View templates) automatically without using $this->escape(), or any other tricky ways like output buffering and PREG replacing *.phtml files.
I'd like to know the best practice in this case.
You said "automatically", so I believe that that means when you do echo $this->var; you want it escaped. Well, if that's the case, maybe you could do the escaping when the variable is set to the view. AFAIK it's done in the Zend_View_Abstract class' __set magic method* (around line 300). Changing the core ZF code is not recommended, so you could go by extending Z_V_A or Z_V and just override the __set method.
*I'm not 100% sure that Z_V_A::__set is the only place where the params are assigned to the view, but I think it should be. Can't think of any other place for that.
Edit: Personally, I'd avoid this and just stick with the good ol' $this->escape(). More typing but less magic going on in the background.
You have asked for best practice then what you are doing is already it. Wait till when you want to display your data before modifying it only for output reasons.
I understand you find writting ->escape() everytime tedious but its still the way to go.
If you where to auto escape everything then you would run into problems one day when you want/need unescaped data.
You can extend Zend_View to create a custom view class which autoescapes things, or you can use a view helper to turn autoescaping on/off.
I have written a blogpost about it, with example code for both approaches: How to automatically escape template variables in Zend_View