I think my solution back in the day was just to include the template files by running a function, something like showTemplate($templateName, $templateVars). The function takes an array as an arg so only these values are available to the template context (apart from the many global vars of course).
You can then run this entire array through htmlentities or htmlspecialchars before doing include().
This is exactly how many modern frameworks do it. Your response body is assembled and cached as your application executes, along with any variables it needs, and before the template is rendered the variables are sanitized.
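The approach discussed above, as an added example that is not code from either poster: a `showTemplate()` that escapes the whole variable array with `htmlspecialchars` and then includes the template inside its own scope. The third `$templateDir` parameter, the `escapeVars()` helper, the name check and the sample template are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: HTML-escape every string in the array, recursing into nested arrays.
function escapeVars(array $vars): array
{
    foreach ($vars as $key => $value) {
        if (is_array($value)) {
            $vars[$key] = escapeVars($value);
        } elseif (is_string($value)) {
            // ENT_QUOTES escapes both quote styles, so values also hold up inside quoted attributes.
            $vars[$key] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        } // ints, floats, bools and null pass through; objects are not escaped here
    }
    return $vars;
}

// $templateDir is an assumed third parameter; the post only names the first two.
function showTemplate(string $templateName, array $templateVars, string $templateDir): string
{
    // Accept plain names only, so the name cannot point outside $templateDir.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $templateName)) {
        throw new InvalidArgumentException('invalid template name');
    }
    $file = $templateDir . '/' . $templateName . '.php';
    if (!is_file($file)) {
        throw new RuntimeException('template not found');
    }
    // The closure is the template's scope: it sees only the escaped values (and PHP superglobals).
    $render = static function (string $__file, array $__vars): string {
        extract($__vars, EXTR_SKIP); // EXTR_SKIP keeps $__file and $__vars from being overwritten
        ob_start();
        try {
            include $__file;
        } finally {
            $__html = (string) ob_get_clean();
        }
        return $__html;
    };
    return $render($file, escapeVars($templateVars));
}

// Constructed demo: write a sample template into a temp directory and render it.
$dir = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/greeting.php', '<p title="<?= $title ?>">Hello, <?= $user["name"] ?></p>' . "\n");
echo showTemplate('greeting', [
    'title' => 'a "quoted" title',
    'user'  => ['name' => '<b>Alice</b> & co'],
], $dir);
```

Escaping the whole array up front covers HTML text and quoted-attribute contexts only; a value placed into a script block, a URL or an unquoted attribute needs encoding specific to that context.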