Open phillip-haydon opened 9 years ago
I would like to give a shot at implementing this.
I do see one issue: simply switching the functionality around (e.g. @ would encode by default and @! would print the raw content) will cause dangerous behaviour in all SSVE views ever implemented. Is forcing all users to update all their SSVE views acceptable for a 2.0 release?
ping @phillip-haydon
@grumpydev what's your view on this issue, do you agree with it?
I would suggest extending the functionality and implicitly HTML encode on output while keeping the '!' as explicitly HTML encoding (thus making it redundant, and probably remove it in a 3.0 or so) but this avoids breaking people who are doing the safe (and sane) thing of HTML encoding outputs. Changing previously safe behaviour to unsafe behaviour does not feel right for me.
Perhaps introduce ':' as explicitly requesting a raw output?
ping @grumpydev
This is more of a reminder for V2.0
Currently HTML encoding values is Opt In instead of Opt Out. HTML Encoding should always be Opt Out.