ZF2-125: Auto-escape feature should be removed



I just realized that you have implemented auto-escape feature in Zend\View component. Looking back in PHP history, and especially Magic Quotes, I must warn that this feature will cause huge debate in the future.

Consider, for example, a case where both scalar and array variables are passed to view. Scalars get escaped automatically, while the scalars in array don't. When someone reviews code like this, it is hard to tell which output is properly escaped and which is not.

I admit that it would be nice not have to escape every output using special method etc., but for me the old way ($this->escape() or similar) seems to be the best way.

I wouldn't even suggest making this feature configurable, but rather removing it altogether. I read the comments about this topic on ZF2 wiki and I didn't see a single post that would correctly address this issue (most of the folks don't seem to comprehend the difference between filtering input and escaping output anyway).


Please take this up on the mailing list, not in the issue tracker.

We have many good reasons for introducing auto-escaping, and many have been discussed in the past (the main reason it wasn't implemented in the v1 series is that by the time the discussion came up, we were already poised to release 1.0 stable).

If you feel strongly that auto-escaping should not be an option, then you need to outline your arguments on the mailing list, and allow for discussion.