started view docs

docs/guide/apps-advanced.md

@@ -5,6 +5,11 @@ This template is for large projects developed in teams where backend is divided
 to multiple servers etc. This application template also goes a bit further regarding features and provides essential
 database, signup and password restore out of the box.
 
+Installation
+------------
+
+TBD
+
 Directory structure
 -------------------
 

docs/guide/apps-basic.md

@@ -7,6 +7,11 @@ The application has four pages: the homepage, the about page, the contact page a
 The contact page displays a contact form that users can fill in to submit their inquiries to the webmaster,
 and the login page allows users to be authenticated before accessing privileged contents.
 
+Installation
+------------
+
+TBD
+
 Directory structure
 -------------------
 

docs/guide/overview.md

@@ -5,7 +5,7 @@ Yii is a high-performance, component-based PHP framework for developing
 large-scale Web applications rapidly. It enables maximum reusability in Web
 programming and can significantly accelerate your Web application development
 process. The name Yii (pronounced `Yee` or `[ji:]`) is an acronym for
-"**Yes It Is!**".
+**Yes It Is!**.
 
 
 Requirements

docs/guide/view.md

+View
+====
+
+View is an important part of MVC and is reponsible for how data is presented to the end user.
+
+Basics
+------
+
+Yii uses PHP in view templates by default so in a web application a view typically contains some HTML, `echo`, `foreach`
+and such basic constructs. It may also contain widget calls. Using complex code in views is considered a bad practice.
+Such code should be moved to controller or widgets.
+
+View is typically called from controller action like the following:
+
+```php
+public function actionIndex()
+{
+	return $this->render('index', array(
+		'username' => 'samdark',
+	));
+}
+```
+
+First argument is the view name. In context of the controller Yii will search for its views in `views/site/` where `site`
+is controller ID. For details on how view name is resolved please refer to [yii\base\Controller::render] method.
+Second argument is data array that contains key-value pairs. Value is available in the view as a variable named the same
+as the corresponding key.
+
+So the view for the action above should be in `views/site/index.php` and can be something like:
+
+```php
+<p>Hello, <?php echo $username?>!</p>
+```
+
+Intead of just scalar values you can pass anything else such as arrays or objects.
+
+Layout
+------
+
+Partials
+--------
+
+
+Widgets
+-------
+
+Security
+--------
+
+One of the main security principles is to always escape output. If violated it leads to script execution and,
+most probably, to cross-site scripting known as XSS leading to leaking of admin passwords, making a user to automatically
+perform actions etc.
+
+Yii provides a good toolset in order help you escaping your output. The very basic thing to escape is a text without any
+markup. You can deal with it like the following:
+
+```php
+<?php
+use yii\helpers\Html;
+?>
+
+<div class="username">
+	<?php echo Html::encode($user->name); ?>
+</div>
+```
+
+When you want to render HTML it becomes complex so we're delegating the task to excellent
+[HTMLPurifier](http://htmlpurifier.org/) library. In order to use it you need to modify your `composer.json` first by
+adding the following to `require`:
+
+```javascript
+"ezyang/htmlpurifier": "v4.5.0"
+```
+
+After it's done run `php composer.phar install` and wait till package is downloaded. Now everything is prepared to use
+Yii's HtmlPurifier helper:
+
+```php
+<?php
+use yii\helpers\HtmlPurifier;
+?>
+
+<div class="post">
+	<?php echo HtmlPurifier::process($post->text); ?>
+</div>
+```
+
+Note that besides HTMLPurifier does excellent job making output safe it's not very fast so consider
+[caching result](caching.md).
+
+Alternative template languages
+------------------------------
+
+There are offlicial extensions for [Smarty](http://www.smarty.net/) and [Twig](http://twig.sensiolabs.org/). In order
+to learn more refer to [Using template engines](template.md) section of the guide.