Open weierophinney opened 4 years ago
The example used on https://docs.zendframework.com/zend-escaper/escaping-url/ is not only building a URL. It is also outputting this URL in an HTML context. So this is a case of nested contexts:
This is kind of unfortunate to show this as a good usage of escaping when a previous chapter was precisely warning about nested contexts.
The example should either be improved to apply the necessary HTML escaping, or be replaced by another example using the URL in a non-HTML context.
Originally posted by @stof at https://github.com/zendframework/zend-escaper/issues/31
The example used on https://docs.zendframework.com/zend-escaper/escaping-url/ is not only building a URL. It is also outputting this URL in an HTML context. So this is a case of nested contexts:
This is kind of unfortunate to show this as a good usage of escaping when a previous chapter was precisely warning about nested contexts.
The example should either be improved to apply the necessary HTML escaping, or be replaced by another example using the URL in a non-HTML context.
Originally posted by @stof at https://github.com/zendframework/zend-escaper/issues/31