Zen: basic output

Back to Zen homepage


1. Autoescape by default

Anonymous users creating web contents are potential hackers and can not be allowed to fill HTML in the web forms. Zen encodes the contents by default.
{="x < 10"}


x < 10

2. Non-escaped output

Sometimes coders need the template system to insert processed HTML. In such cases they should express the intent syntactically to make others aware that the contents is expected to contain HTML.



3. No {} parsing inside script tag

Curly braces are used as Zen tags so they need own escape sequences. They are also not interpreted as Zen tag delimiter inside script tags. One should not generate scripts with templates: the need to repeat parts of code means poor code design. The need to insert code conditionaly should be solved by if-else construct. The need to place server-side variable in the code means introducing magic string and magic numbers in the client scripts. Such data should be placed somewhere in the HTML to disclose their meaning.
§[=html:"<i>italics</i>"]§ <div id="time">loading...</div> <script> function showTime() { document.getElementById("time").innerHTML = new Date().toLocaleTimeString(); } setInterval(showTime, 1000); </script>