On Mon, Jul 13, 2009 at 2:52 PM, Tim Landscheidttim@tim-landscheidt.de wrote:
I don't know what Platonides' point was specifically but personally I find "hanging" tags (e. g. lacking close tags) very error-prone. I think if one has to explicitly close elements the probability of a "missed" one (that leaves text bold till kingdom^Wthe next paragraph starts) reduces dras- tically.
Not all tags in HTML 5 self-close, only some. <b>, for instance, must be explicitly closed, so you can't get bold running to the end of the paragraph. It's generally only block-level tags that auto-close, and it makes no sense to ever close those before the next block begins (which is when they auto-close). You aren't going to write:
<p>Foo bar <p>Baz
and actually mean:
<p>Foo</p> bar <p>Baz</p>
That would frequently be invalid anyway.
Same goes for attributes in '"'s - if you put them around all your attributes, you do not have to think about whether each single attribute has a value that needs them.
We can have the logic happen automatically in an Html class, like we do with our Xml class. For manually-added values there's little to no issue: it's extremely obvious when a string needs quotes.
Even if you use quotes, as in XHTML, you have to be careful to make sure your content doesn't have the same type of quote as the value you're adding. We've had XSS vulnerabilities because htmlspecialchars() escapes only ", not '. That line of false security will be less attractive if things like spaces break the attribute values too. You'd realize more quickly that you need to use Html::attr() or whatever we cook up, and htmlspecialchars() is not enough.