On Mon, Jul 13, 2009 at 2:52 PM, Tim Landscheidt<tim(a)tim-landscheidt.de> wrote:
I don't know what Platonides' point was
specifically but
personally I find "hanging" tags (e. g. lacking close tags)
very error-prone. I think if one has to explicitly close
elements the probability of a "missed" one (that leaves text
bold till kingdom^Wthe next paragraph starts) reduces dras-
tically.
Not all tags in HTML 5 self-close, only some. <b>, for instance, must
be explicitly closed, so you can't get bold running to the end of the
paragraph. It's generally only block-level tags that auto-close, and
it makes no sense to ever close those before the next block begins
(which is when they auto-close). You aren't going to write:
<p>Foo bar
<p>Baz
and actually mean:
<p>Foo</p>
bar
<p>Baz</p>
That would frequently be invalid anyway.
Same goes for attributes in '"'s - if you
put them
around all your attributes, you do not have to think about
whether each single attribute has a value that needs them.
We can have the logic happen automatically in an Html class, like we
do with our Xml class. For manually-added values there's little to no
issue: it's extremely obvious when a string needs quotes.
Even if you use quotes, as in XHTML, you have to be careful to make
sure your content doesn't have the same type of quote as the value
you're adding. We've had XSS vulnerabilities because
htmlspecialchars() escapes only ", not '. That line of false security
will be less attractive if things like spaces break the attribute
values too. You'd realize more quickly that you need to use
Html::attr() or whatever we cook up, and htmlspecialchars() is not
enough.