Pros and cons of escaping strategies in symfony

Posted by zergu on Stack Overflow See other posts from Stack Overflow or by zergu
Published on 2010-04-28T07:49:58Z Indexed on 2010/04/28 7:53 UTC
Read the original article Hit count: 290

Filed under:
|

I am still not sure in that matter. While turned on we're quite safe but some other problems appear (with passing template variables or counting characters). On the other hand we have magic turned off, everything is clear, but we have to manually escape every variable (that come from untrusted source) in templates. By the way, non-magic solution is used in Ruby-on-Rails.

So the question is: when starting a new project in symfony do you disable escaping_strategy and why?

© Stack Overflow or respective owner

Related posts about symfony

Related posts about escaping