On Tue, 14 May 2013 09:45:05 -0700, Chris Steipp csteipp@wikimedia.org wrote:
On Tue, May 14, 2013 at 2:34 AM, Antoine Musso hashar+wmf@free.fr
Another template engine is Twig. It is used by the Silex micro engine (based on Symfony2). See: http://twig.sensiolabs.org/
Examples:
{{ foobar }} # not escaped {{ unsafevar|escaped }} # yeah protection!
You can iterate:
<ul id="users"> {% for user in users %} <li><a href="{{ user.href }}">{{ users.name }}</a></li> {% endfor %}
I'll actually admit this is one reason why templating makes me nervous. DOM text, attribute values, and urls all need different validation and escaping, so you can't just look at the template and make sure everything has |e, nor can you look at the PHP and see that everything is escaped before being passed to the template. And looking at both and making sure that each variable in the output has been correctly escaped for the html context in the PHP is a lot more work than just seeing $output .= Html::element( ... ).
Same here. This is actually why along for my skin rewrite plans the template system I was working on for it is context sensitive. I've contemplated now and then about the idea of tweaking that idea so a similar context sensitive template system could be used in general code.