Pros and cons of escaping strategies in symfony
Posted
by zergu
on Stack Overflow
See other posts from Stack Overflow
or by zergu
Published on 2010-04-28T07:49:58Z
Indexed on
2010/04/28
7:53 UTC
Read the original article
Hit count: 290
I am still not sure in that matter. While turned on we're quite safe but some other problems appear (with passing template variables or counting characters). On the other hand we have magic turned off, everything is clear, but we have to manually escape every variable (that come from untrusted source) in templates. By the way, non-magic solution is used in Ruby-on-Rails.
So the question is: when starting a new project in symfony do you disable escaping_strategy and why?
© Stack Overflow or respective owner