Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make escaping on ternary expressions more fine-grained #2934

Merged
merged 1 commit into from
Apr 11, 2019
Merged

Make escaping on ternary expressions more fine-grained #2934

merged 1 commit into from
Apr 11, 2019

Conversation

fabpot
Copy link
Contributor

@fabpot fabpot commented Apr 10, 2019
edited
Loading

closes #2146
closes #449
closes #539
closes #1174
closes #1320
closes #1739
closes #1333

@fabpot fabpot force-pushed the ternary-escaping branch from a71800c to b86c6de Compare April 10, 2019 20:57
@fabpot fabpot changed the title [WIP] Make escaping on ternary expressions more fine-grained Make escaping on ternary expressions more fine-grained Apr 10, 2019
@fabpot
Copy link
Contributor Author

fabpot commented Apr 10, 2019

@stof @nicolas-grekas Could you review this PR please? It's an important one as it involves escaping and I don't want to introduce a security issue.

@fabpot fabpot force-pushed the ternary-escaping branch 2 times, most recently from 2290cc4 to 7b85aa5 Compare April 10, 2019 21:03
@fabpot fabpot mentioned this pull request Apr 11, 2019
Closed
@fabpot fabpot force-pushed the ternary-escaping branch 3 times, most recently from ed34d1a to 00a6c2b Compare April 11, 2019 07:28
This was referenced Apr 11, 2019
Merged
Closed
Closed
Closed
Closed
Closed
@fabpot fabpot force-pushed the ternary-escaping branch from 00a6c2b to 7e6e0a6 Compare April 11, 2019 07:38
@fabpot fabpot force-pushed the ternary-escaping branch from 7e6e0a6 to 71c36dc Compare April 11, 2019 07:59
stof
stof suggested changes Apr 11, 2019
View reviewed changes
@stof
Copy link
Member

stof commented Apr 11, 2019

The existing auto-escaping rule (requiring both sides to be safe for the ternary to be safe) still applies when the ternary is nested in a more complex expressions ((var ?? 'something')|nl2br for instance), right ?

@fabpot
Copy link
Contributor Author

fabpot commented Apr 11, 2019

@stof that's correct.

@fabpot fabpot force-pushed the ternary-escaping branch from 71c36dc to 205b2c9 Compare April 11, 2019 10:19
@stof
Copy link
Member

stof commented Apr 11, 2019

Then the doc needs to make this more clear IMO. The note you added may make people think this would not be the case anymore.

@stof
Copy link
Member

stof commented Apr 11, 2019
edited
Loading

We have an optimization in NullCoalesceExpression to use ?? when we have a NameExpression as expr2. This change will kill that in print nodes as any NullCoalesceExpression would be turned into a normal ConditionalExpression (with the right test though, but not the optimization).

Should we unwrap things and wrap then in an InlinePrintNode all the time, or only when the safety rules would be different for both branches ? If rules are the same in both branches, applying the escaping as done today does not hurt, but let the ConditionalExpression optimize itself when possible.

@fabpot fabpot force-pushed the ternary-escaping branch from 205b2c9 to ac8f367 Compare April 11, 2019 15:22
@fabpot
Copy link
Contributor Author

fabpot commented Apr 11, 2019

@stof we now only unwrap when the safety is not the same on the two branches.

@fabpot fabpot force-pushed the ternary-escaping branch from ac8f367 to 906672e Compare April 11, 2019 15:25
@fabpot fabpot force-pushed the ternary-escaping branch from 906672e to dfa9411 Compare April 11, 2019 15:26
@fabpot fabpot merged commit dfa9411 into twigphp:1.x Apr 11, 2019
fabpot added a commit that referenced this pull request Apr 11, 2019
@fabpot
feature #2934 Make escaping on ternary expressions more fine-grained …
11afd51 
…(fabpot)

This PR was merged into the 1.x branch.

Discussion
----------

Make escaping on ternary expressions more fine-grained

closes #2146
closes #449
closes #539
closes #1174
closes #1320
closes #1739
closes #1333

Commits
-------

dfa9411 made escaping on ternary expressions more fine-grained
@fabpot fabpot deleted the ternary-escaping branch April 11, 2019 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mykiwi mykiwi mykiwi left review comments

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@stof stof stof approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fabpot @stof @nicolas-grekas @mykiwi