Currently I'm escaping content as it goes into the database (default behavior for Zend_Filter_Input); however, this creates issues with updating information because HTML entities that have been previously escaped as &amp; become &amp;amp; etc. I could fix this, but the current solution is flawed in that I really don't want to perform presentational transformations on the data when putting it in the database; I'd rather do it only when rendering the view.
In my View (using Zend_View, so the view is an object), I make calls to object properties and methods to populate the template like so:
Code:
<?= $this->user->name ?> // Outputs John Doe
<br/>
<?= $this->user->getCompany()->name ?> // Outputs Acme
<br/>
<?= $this->method() ?> // Outputs foobar

As I see it right now, I either have to escape the input as it goes into the database or use compiled templates like Smarty does, or switch to assigning every variable to the View object so that it has direct control to force escaping before outputting the data, or use __get() within the model to escape the values if the template is being rendered; none of which is really optimal.
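One way to keep raw data in the database and escape only at render time, without changing the template calls shown in the post, is to wrap each model in an escaping proxy before assigning it to the view. This is an added example, not part of the original post and not Zend Framework code: the class name `EscapingProxy`, its `raw()` method and the sample `User` model are hypothetical, and it assumes PHP 5.4 or later and UTF-8 output in an HTML body or quoted attribute context.

```php
<?php
// Added example (hypothetical class): escapes every string that leaves the
// wrapped model, including strings returned by chained objects and methods.
final class EscapingProxy
{
    private $subject;

    public function __construct($subject) { $this->subject = $subject; }

    // Property reads: $proxy->name
    public function __get($name) { return self::wrap($this->subject->$name); }

    public function __isset($name) { return isset($this->subject->$name); }

    // Method calls: $proxy->getCompany()
    public function __call($method, array $args)
    {
        return self::wrap(call_user_func_array(array($this->subject, $method), $args));
    }

    // Deliberate, greppable opt-out for markup that is already trusted.
    public function raw() { return $this->subject; }

    public static function wrap($value)
    {
        if (is_object($value)) { return new self($value); }   // keep chains escaped
        if (is_array($value))  { return array_map(array(__CLASS__, 'wrap'), $value); }
        if (is_string($value)) {
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        return $value;                                         // int, bool, null
    }
}

// Constructed sample models holding unescaped data, as the database would.
class User
{
    public $name = 'John <script>alert(1)</script> Doe';
    public function getCompany()
    {
        $company = new stdClass();
        $company->name = 'Acme & Sons';
        return $company;
    }
}

$user = new EscapingProxy(new User());
echo $user->name, "\n";               // markup is entity-encoded
echo $user->getCompany()->name, "\n"; // the ampersand is encoded exactly once
```

In a controller the wrapped object would be assigned in place of the bare model (for example `$this->view->user = new EscapingProxy($user);`), so the stored values stay unescaped and an edit form can read them through `raw()` without entities being encoded a second time.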