How can I automatically escape data in views with Kohana 2 or KO3?

Developer https://www.devze.com 2023-01-21 15:00 Source: web
What's the best way to escape data from Models or Controllers to easily and safely display them in views? It seems kind of overkill to use html::specialchars($varname) for every data variable. It can also cause problems if a programmer forgets to "escape" data.

I've also encountered problems escaping ORM objects within loops.


I wrote the Twig module gimpe has suggested and by default it automatically escapes all data. You might also want to look into Kostache. It's a class based view system that does automatic escaping.

Regarding your comment:

Is there a way to do this directly from the Model

You don't want to escape the data here because HTML escaped data doesn't make sense in all output formats, e.g. JSON and XML.

Do the escaping at the view level.


One way to achieve that is using a templating engine like Twig for the views. (see KO3 module http://github.com/ThePixelDeveloper/kohana-twig)

Then you simply need to load the Escaper extension:

Twig_Extension_Escaper: Adds automatic output-escaping and the possibility to escape/unescape blocks of code.

Ref.: http://www.twig-project.org/book/03-Twig-for-Developers
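
The answers' point that escaping belongs in the view layer rather than the model, as an added example that is not part of the original posts and is not Kohana or Twig code: a small wrapper escapes every string a view reads, including properties of ORM-style rows inside a loop, while the same unescaped data still serves JSON output. It assumes PHP 7 or later; the names `Escaped` and `render_html` and the sample rows are hypothetical.

```php
<?php
// Added example. Escaped and render_html are hypothetical names, not Kohana or Twig APIs.
final class Escaped implements IteratorAggregate
{
    private $raw;
    public function __construct($raw) { $this->raw = $raw; }

    // Escape strings now; wrap arrays/objects so their contents are escaped when read.
    public static function wrap($value)
    {
        if (is_array($value) || is_object($value)) {
            return new self($value);
        }
        if (is_string($value)) {
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        return $value; // int, float, bool and null need no HTML escaping
    }

    // $row->name on a wrapped row object, or a key of a wrapped array
    public function __get($name)
    {
        return self::wrap(is_array($this->raw) ? $this->raw[$name] : $this->raw->$name);
    }

    // foreach over a wrapped array or result set yields wrapped items (keys stay raw)
    public function getIterator(): Traversable
    {
        foreach ($this->raw as $key => $item) {
            yield $key => self::wrap($item);
        }
    }
    // Explicit opt-out for trusted markup, comparable to Twig's raw filter
    public function raw() { return $this->raw; }
}

// The "view": every variable is wrapped once, on the way in.
function render_html(array $vars)
{
    $out = "<ul>\n";
    foreach (Escaped::wrap($vars['users']) as $user) {
        $out .= "  <li>{$user->name}</li>\n";
    }
    return $out . "</ul>\n";
}
// Constructed sample data standing in for ORM rows
$users = [(object) ['id' => 1, 'name' => '<script>alert(1)</script>'],
          (object) ['id' => 2, 'name' => 'Tom & "Jerry"']];
echo render_html(['users' => $users]);   // HTML context: escaped by the view
echo json_encode($users), "\n";          // JSON context: same data, no HTML entities
```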
