Should fix #383

@bobthecow could you please give me a feedback to this PR?

Thanks for the pull request! I haven't thought through all the implications of this change, but I'm not sure it's the best answer. See my comment here: #386 (comment)

@bobthecow I see. It would convert error to warning this way, if wrong variable is provided.
What about
const DEFAULT_ESCAPE = 'htmlspecialchars(%s ?? (string) %s, %s, %s)';
to just deal with nulls?

Does it look better now?

It … might surprise you to learn the minimum supported PHP version for this library 😛

Thinking through this a bit more, here's what basically anything you can render looks like:

We need to maintain the current (un-cast) behavior. It makes sense for a template engine.

It turns out that, with or without an explicit cast, everything behaves correctly for all scalars all the way up to PHP 8.0. PHP 8.1 looks just like PHP 8.0, but they throw in this deprecation warning when calling htmlspecialchars(null) 😕

For everything that's not a scalar, we don't want an explicit cast. Casting non-scalars to strings gives us the literal string "Array", some random warnings, notices and errors, and a "Resource id #1" thrown in for good measure. Note that PHP 8.0+ throws a type error for un-cast non-scalars, but in my opinion, that's the correct thing to do in PHP 8.0+ for all of those cases. So the un-cast version is strictly better, for every PHP version, IMO.

Which leaves us with one outlier: null in PHP 8.1+. I think we need to deal with it explicitly. And since (string) null === '' we can do this in a much more performant way!

Thank you so much for working on this. I'll push the fix I have in mind, and get it in the next release.

Yes, good point about the older versions :D
Thank you for the fix! :)