[nycphp-talk] Templating engines
Rob Marscher
rmarscher at beaffinitive.com
Wed Jan 23 14:33:29 EST 2008

On Jan 23, 2008, at 2:01 PM, Cliff Hirsch wrote:
> On 1/23/08 1:54 PM, "John Campbell" <jcampbell1 at gmail.com> wrote:
>> If there is a separation between the programmer and the template
>> editor, it presents another problem. Who is responsible for escaping
>> the data?

I decided that the view/template has to be responsible for escaping.
Imagine you have a controller action for displaying a listing... you
could use the same controller action with different templates to
provide: an HTML view, an RSS feed, a JSON/XML/etc. web service
result. Some of those will have different requirements for escaping
the data. For our company, the programmers do a good amount of the
templates - at least provide an initial version. We train any other
template editors on escaping... but usually it's already done for them
in the first draft from the programmers and they only need to shuffle
things around. Of course... there's the issue of the programmers not
remembering to escape things in that first draft of the template. It
would be ideal to do peer review and have some kind of testing via
Selenium or something similar to make sure everything is escaped
properly.
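
The view-layer escaping described in the message above, as an added example that is not part of the original post: one controller action returns raw data, three views escape it for their own output context, and a small check feeds in hostile titles to catch a view that forgot. All function names and sample data are constructed, and PHP 7.3 or later is assumed.

```php
<?php
// Added example; all names and sample data are constructed.
// Controller action: returns raw data, unaware of any output format.
function listing_action(): array {
    return [
        ['id' => 1, 'title' => 'Tom & Jerry <script>alert(1)</script>'],
        ['id' => 2, 'title' => 'Say "hi" ]]> </title>'],
    ];
}

// HTML view: escape for element content and quoted attribute values.
function render_html(array $items): string {
    $out = "<ul>\n";
    foreach ($items as $item) {
        $t = htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8');
        $out .= sprintf("  <li id=\"item-%d\" title=\"%s\">%s</li>\n", $item['id'], $t, $t);
    }
    return $out . "</ul>\n";
}

// RSS view: same data, XML escaping rules instead of HTML ones.
function render_rss(array $items): string {
    $out = "<rss version=\"2.0\"><channel><title>Listing</title>\n";
    foreach ($items as $item) {
        $t = htmlspecialchars($item['title'], ENT_XML1 | ENT_QUOTES, 'UTF-8');
        $out .= sprintf("  <item><title>%s</title></item>\n", $t);
    }
    return $out . "</channel></rss>\n";
}

// JSON view: no entity escaping; JSON_HEX_* keeps it inert if embedded in HTML.
function render_json(array $items): string {
    return json_encode($items, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Check: hostile data in, no live markup out, JSON round-trips unchanged.
function views_escape_correctly(): bool {
    $items = listing_action();
    $rss = render_rss($items);
    foreach ([render_html($items), $rss] as $doc) {
        if (strpos($doc, '<script>') !== false || strpos($doc, ']]>') !== false) {
            return false;
        }
    }
    // Only the template's own three closing title tags may be present.
    return substr_count($rss, '</title>') === 3
        && json_decode(render_json($items), true) === $items;
}

echo views_escape_correctly() ? "all views escaped\n" : "escaping gap\n";
```

If the controller had applied htmlspecialchars() before handing the data over, the JSON round trip in the check would fail, because web service clients would receive HTML entities instead of the original text.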