Pros and cons of escaping strategies in symfony
I am still not sure about that matter. While it is turned on we're quite safe, but some other problems appear (with passing template variables or counting characters). On the other hand, with the magic turned off everything is clear, but we have to manually escape every variable (that comes from an untrusted source) in templates. By the way, the non-magic solution is used in Ruby-on-Rails.
So the question is: when starting a new project in symfony, do you disable escaping_strategy, and why?
See the answer to this question for an opinion: Symfony/Doctrine: Unserialize in action vs template
I would also like to see more information on this subject because it's not very clear.
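The trade-off raised in the question, as an added example in plain PHP; it is not symfony's code and not code from any of the posts. `EscapedVars`, `esc()` and the sample comment are hypothetical names and constructed data that only mimic an escape-by-default template layer next to manual escaping.

```php
<?php
// Added illustration, plain PHP. Not symfony code; all names are hypothetical.

// Constructed sample input, as it might arrive from an untrusted form field.
$comment = '<b>Tom & "Jerry"</b>';

// The single escaping routine both strategies rely on.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Strategy "on": the template only sees escaped values unless it
// explicitly asks for the raw one.
final class EscapedVars
{
    private array $raw;

    public function __construct(array $vars)
    {
        $this->raw = $vars;
    }

    public function get(string $name): string
    {
        return esc($this->raw[$name]);
    }

    public function getRaw(string $name): string
    {
        return $this->raw[$name];
    }
}

$vars = new EscapedVars(['comment' => $comment]);

// Safe by default when written into HTML.
echo $vars->get('comment'), "\n";

// Problem 1: counting characters on the escaped value counts entity characters too.
printf("escaped length: %d, raw length: %d\n",
    strlen($vars->get('comment')), strlen($vars->getRaw('comment')));

// Problem 2: handing the escaped value to code that escapes again double-encodes it.
echo esc($vars->get('comment')), "\n";

// Strategy "off": the template gets raw values, so every output needs its own esc().
echo esc(substr($comment, 0, 10)), "\n"; // truncate the raw value first, then escape
echo $comment, "\n";                     // a forgotten esc(): markup is emitted unescaped
```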