On 04/02/2014 04:33 AM, Nuria Ruiz wrote:
My bigger point was to highlite that with a string
concatenation engine you
can satisfy security concerns plus have a template engine that performs
really well if you respect the data and markup separation.
The runtime is string-based for performance in both cases. That's what makes
TAssembly so fast [2]. The difference is that the DOM-based KnockOff
compiler systematically enforces DOM balancing and attribute sanitization,
while without such a compiler you have to do so manually.
Gabriel
[1]:
https://www.mediawiki.org/wiki/Talk:Requests_for_comment/HTML_templating_li…
[2]:
https://www.mediawiki.org/wiki/Requests_for_comment/HTML_templating_library…