by nostrademons 5977 days ago
Couple questions:

1. How is this different from Django filters? Is it that the default is HTML escaping instead of having to specify the escaping with each template variable?

2. How does it handle different escaping contexts? For example, text in HTML attributes needs to be escaped differently from text in the body of the document. Text in URLs or JavaScript has to be escaped differently still, and oftentimes you have to combine these escapings (e.g. a JavaScript onClick attribute). Is XHP smart enough to recognize these different contexts and do the right thing, or do you need to fall back to some manual mechanism?

2 comments

Filters are tags in Django templates that live in .html files with a bit of logic in a bespoke mini language. XHP for Python would be something like this.

  def view_foo( request ):
    baz = "roger, roger"
    return render_foo( baz )
  
  def render_foo( name ):
    return <html><head></head><body>hi, {name}</body></html>

The most glaring difference is that instead of template logic and keywords, you can use Python. You definitely want to sequester rendering from the rest of your view, but I see little benefit to Django templates. Missing from this code sample is some Django middleware which renders a proper HttpResponse() from the XHP return.

I don't know well enough to answer about escaping. Check out the framework, and try it for yourself :)

I'm also very interested in how it is able to escape properly... anybody?

I've skimmed through the docs. Each tag that you can use is a PHP class. It knows exactly which attributes it can take and it can do some validations on the attribute values. I'd assume that it knows when there's supposed to be JS in an attribute value and when there's supposed to be text.
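
The escaping contexts raised in question 2, written out as an added example that is not part of the thread and is not XHP's or Django's code. It uses only the Python standard library; all function names and the sample string are constructed for illustration.

```python
import html
import json
from urllib.parse import quote


def esc_body(s: str) -> str:
    """HTML text node: only &, < and > are significant."""
    return html.escape(s, quote=False)


def esc_attr(s: str) -> str:
    """Quoted HTML attribute value: also neutralise " and '."""
    return html.escape(s, quote=True)


def esc_url_param(s: str) -> str:
    """One query-string value: percent-encode every reserved character."""
    return quote(s, safe="")


def esc_js_string(s: str) -> str:
    """JavaScript string literal that stays inert when embedded in HTML."""
    lit = json.dumps(s)  # quotes, backslashes, control and non-ASCII chars
    for ch in "<>&'":    # characters an HTML parser would still react to
        lit = lit.replace(ch, "\\u%04x" % ord(ch))
    return lit


def onclick_attr(handler: str, arg: str) -> str:
    """Nested contexts: escape for the inner one (JS) first, then the outer (attribute)."""
    script = "%s(%s)" % (handler, esc_js_string(arg))
    return 'onclick="%s"' % esc_attr(script)


def render(name: str) -> str:
    """The same untrusted value placed in four contexts of one element."""
    return '<a href="/search?q=%s" title="%s" %s>hi, %s</a>' % (
        esc_url_param(name), esc_attr(name), onclick_attr("greet", name), esc_body(name))


# Constructed sample input containing every character the contexts disagree on.
SAMPLE = 'Roger "R&D" <b>\'x\'</b>'

if __name__ == "__main__":
    print(render(SAMPLE))
```

The four escapers produce four different encodings of the same input, and applying the body escaper everywhere would leave the attribute and JavaScript contexts open.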