Skip to content
This repository was archived by the owner on Jan 31, 2020. It is now read-only.

Fixes #99 - Missing documentation for Escape view helpers #189

Merged
merged 2 commits into from
Oct 10, 2019
Merged

Fixes #99 - Missing documentation for Escape view helpers #189

merged 2 commits into from
Oct 10, 2019

Conversation

froschdesign
Copy link
Member

No description provided.

michalbundyra
michalbundyra reviewed Oct 10, 2019
View reviewed changes
doc/book/helpers/escape.md
public $headline = '<h1>Foo</h1>';
};

var_dump($this->escapeHtml($object, Zend\View\Helper\EscapeHtml::RECURSE_OBJECT));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the 2nd param required here?
I assume the same result we get without it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without the second parameter an exception is thrown:

zend-view/src/Helper/Escaper/AbstractHelper.php

Lines 72 to 74 in b486187

throw new Exception\InvalidArgumentException(
'Object provided to Escape helper, but flags do not allow recursion'
);

michalbundyra
michalbundyra reviewed Oct 10, 2019
View reviewed changes
doc/book/helpers/escape.md Outdated

The following helpers can **escape output in view scripts and defend from XSS
and related vulnerabilities**. To escape different contexts of a HTML document,
zend-view provides 5 helpers:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like fixed numbers, it's a very big chance that it will be not update if the number of escapers change.
Maybe better "provides the following helpers:" ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good point! 👍

@michalbundyra michalbundyra added this to the 2.11.3 milestone Oct 10, 2019
michalbundyra added a commit that referenced this pull request Oct 10, 2019
@michalbundyra
Merge pull request #189 from froschdesign/hotfix/docs/99
f2a6011 
Fixes #99 - Missing documentation for Escape view helpers
@michalbundyra michalbundyra merged commit 61bc41e into zendframework:master Oct 10, 2019
michalbundyra added a commit that referenced this pull request Oct 10, 2019
@michalbundyra
Merge branch 'hotfix/189' into develop
9565295 
Forward port #189
@michalbundyra
Copy link
Member

Thanks, @froschdesign!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@michalbundyra michalbundyra michalbundyra approved these changes

@weierophinney weierophinney Awaiting requested review from weierophinney

Assignees
No one assigned
Labels
documentation enhancement
Projects
None yet
Milestone
2.11.3
Development

Successfully merging this pull request may close these issues.
2 participants
@froschdesign @michalbundyra