Revision 71ccbc88-8af8-471f-9ad1-97ee18d2959a

I'm not particularly fond of the style of coding, not everything needs to be a class. But there is only one point that I feel warrants _significant_ attention:

## Huge Point: Not escaping means not useful

> WARNING! WARNING! WARNING! ...<br />
> -------------------------------------------- ...<br />
> None of the strings you see in the following classes are escaped/secured against any kind ofSQL Injections, XSS attacks, or any other sort of attack for that matter!

There would be little point using the code as presented if it didn't make life easy, and not escaping any of the properties would make it cumbersome and error-prone to use.

E.g. you've got this in the Testing section

    new Label($label ...

What is going to happen if $label is `"Categories > Food"` or any other innocent string that will cause malformed html as a result? _Why_ is the class not taking care of that automatically? Note that there will be use cases where you _want_ to put html in some tags - such as using an image for a label, or where tags are nested - attributes should always be escaped though.

And that's just talking about how innocent users could break your code, not those with malicious intent who submit `"<script>document.location = 'http://mysite';"` as their name.

## Big Point: Write real tests

If you write a real test (by which I mean using [phpunit][1]) you can quickly test normal and edge case scenarios (What if the `$x` property looks like this?), which will highlight any difficulties in using the code. It'll also permit you the confidence - if you choose to rewrite any of the code in the future - of knowing that it still works in the same way as it did originally.

## Mid Point: Inconsistent constructors

You have all these different constructors:

    public function __construct($element, $text = "", $self_contained = false, array $attribute_list = array()) {
    public function __construct($action, $method = self::METHOD_POST, array $attribute_list = array()) {
    public function __construct($type, $name, Label $label, $default_value = "", array $attribute_list = array()) {
    public function __construct($text, array $attribute_list = array()) {
    public function __construct($legend) {
    public function __construct($text, array $attribute_list = array()) {
    public function __construct($text = "Submit", array $attribute_list = array()) {

Yet all classes extend Node. Why not just have one:

    public function __construct($args = array()) {

A consistent constructor makes it easy to know how to use a class without having to continually refer to the docs or class definition. If that's something you do with none-constructor functions (not applicable here) your code would not be `E_STRICT` compliant. Having different constructors isn't particularly intuitive, and means you can't have simple override logic like so:

    public function __construct($args = array()) {
        .. anything ..
        parent::__construct($args);
    }

You can enforce any mandatory args just the same, but given that everything is a class you should be able to set all of the currently-mandatory properties after instanciation anyway.

## Mid Point: Needless interface

The interface only defines one method, and where used has exactly the same code. You could just as easily add it to your Node class and override or configure it to be disabled in the cases where it's not applicable. 

## Mid Point: Needless constants

What's the real benefit of these:

    const METHOD_POST = 'POST';
    const METHOD_GET  = 'GET';

It's more to type and doesn't add any clarity.

There's also this:

    const TAB = "    ";

Which is in fact set to four spaces. "\t" is easier and shorter to type.

## Minor Point: Whitespace

Whitespace in html is insignificant, so doing this:

     $result .= "\n" . self::TAB . "<{$this->e...

doesn't do anything for end users. 

It also doesn't do what you want, as it leads to ugly html. Look at the source of this page and look for "&lt;form>" - if it were left aligned it would break out of the indentation level where it is. If you used similar code to that in the question to build all your html the indentation would be so wayward you wouldn't be able to read the raw html output without re-indenting it.

It's something that is of no real value, because anyone who wants to see the html structure can just use firebug/devtools/their-tool-of-choice and it'll indent the code for them. If you really want to have indented html anyway, there are tools for that like [htmltidy][2].


  [1]: http://www.phpunit.de/manual/current/en/
  [2]: http://php.net/manual/en/book.tidy.php