[wp-trac] [WordPress Trac] #50867: An API which encourages automatic escaping of HTML
WordPress Trac
noreply at wordpress.org
Tue Aug 11 10:05:18 UTC 2020
#50867: An API which encourages automatic escaping of HTML
-------------------------------------------------+-------------------------
Reporter: noisysocks | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests needs-docs dev-feedback 2nd-opinion | Focuses:
-------------------------------------------------+-------------------------
Comment (by ayeshrajans):
Thanks for creating this ticket. I come from a Drupal background, where we
have had a render API for as long as we can remember.
- Drupal render API (Array based, supports associative arrays converted
to HTML structures).
- https://github.com/spatie/html-element - a bit more modern approach.
- PEAR QuickHTML (It's a PEAR package 😓).
The problem we faced with the Drupal render API (perhaps the most widely
used implementation due to Drupal's popularity) is that the implementation
of the feature practically creates a new domain language that can put off
outsiders to WordPress.
In Drupal, each HTML element is an array, which supports nested elements
too. Due to historical reasons, they are not objects, which makes it not
so easy to autocomplete in IDEs, generate documentation, etc.
On a higher level, having such an API will be quite beneficial in many
areas.
- Automatic and context-aware string escaping.
- Rendering content to other formats than HTML.
- Automatic CSRF/Validation support for forms.
- Possibility to expose hooks to easily alter HTML.
- Caching improvements such as partial caching, lazy rendering, etc.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50867#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
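
The array-based rendering with context-aware escaping described in the comment above, as an added example that is not part of the original message and is not Drupal's or WordPress's API. The key names `tag`, `attrs` and `children`, the function names, and the scheme allow-list are assumptions made for illustration.

```php
<?php
// Added illustration. The array keys 'tag', 'attrs' and 'children' are a
// hypothetical format, not Drupal's render arrays and not a WordPress API.
const URL_ATTRS       = ['href', 'src', 'action'];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
const VOID_TAGS       = ['br', 'hr', 'img', 'input'];

function esc_text(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute context: URL-bearing attributes also get a scheme allow-list.
function esc_attr_value(string $name, string $value): string {
    if (in_array($name, URL_ATTRS, true)) {
        // Browsers ignore tabs/newlines inside a scheme, so strip them first.
        $probe = preg_replace('/[\x00-\x20]+/', '', $value);
        if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)
            && !in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
            $value = '#';
        }
    }
    return esc_text($value);
}

function render($node): string {
    if (is_string($node)) {
        return esc_text($node); // text context
    }
    $tag = $node['tag'];
    // script/style bodies need JS/CSS escaping, so this sketch refuses them.
    if (!preg_match('/^(?!script$|style$)[a-z][a-z0-9]*$/', $tag)) {
        throw new InvalidArgumentException('refused tag name');
    }
    $html = "<$tag";
    foreach ($node['attrs'] ?? [] as $name => $value) {
        // Names cannot be escaped, only validated; on* and style are other contexts.
        if (!preg_match('/^(?!on|style$)[a-z][a-z0-9\-]*$/', $name)) {
            throw new InvalidArgumentException('refused attribute name');
        }
        $html .= ' ' . $name . '="' . esc_attr_value($name, (string) $value) . '"';
    }
    if (in_array($tag, VOID_TAGS, true)) {
        return $html . '>';
    }
    return $html . '>' . implode('', array_map('render', $node['children'] ?? [])) . "</$tag>";
}

// Constructed input: every string is treated as untrusted data.
$tree = ['tag' => 'p', 'attrs' => ['class' => 'x"><script>'], 'children' => [
    'Hello <b>world</b> & co. ',
    ['tag' => 'a', 'attrs' => ['href' => "java\tscript:alert(1)"], 'children' => ['click']],
]];
echo render($tree), "\n";
```

Because the caller passes structure and data separately, the renderer decides the escaping for each position and the caller never concatenates markup by hand.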