Propose a templating language? #49
Labels
question
Further information is requested
Comments
|
I missed this earlier, but there's already #33472-core :) It might be worth keeping this open for a bit, just to consider whether that's something we should try to help move forward as part of this project. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Similar to prepared statements (#44), a templating language like Twig et al could reduce a lot of complexity when it comes to escaping. In React, output is escaped by default, and you have to use
dangerouslySetInnerHTML()to intentionally output raw HTML. IMO, that's the correct approach from a security perspective.It's also very convenient that the templating language detects the context for you, so you just write
{{ $foo }}everywhere, and it knows when it should useesc_htmlvsesc_attrvsesc_url, etc. You can still override the default with things like{{ $foo|my_custom_escaping_function }}if needed.That would be a huge shift for the WP ecosystem, but could be worth considering.
The text was updated successfully, but these errors were encountered: