File tree Expand file tree Collapse file tree 5 files changed +23
-7
lines changed
Filter options
Expand file tree Collapse file tree 5 files changed +23
-7
lines changed
Original file line number Diff line number Diff line change 11* **Templating**:
22
3- * :doc:`/guides/templating/helpers ` |
4- * :doc:`Twig < /Twig > `
3+ * :doc:`Twig < /Twig > ` |
4+ * :doc:`/guides/templating/helpers `
55
66* **Doctrine**:
77
Original file line number Diff line number Diff line change @@ -158,6 +158,12 @@ specialized tags:
158158 {# embed another controller response #}
159159 {% render 'BlogBundle:Post:list' with ['limit': 2], ['alt': 'BlogBundle:Post:error'] %}
160160
161+
162+ ---------------
163+
164+ Twig is configured to automatically escapes all output by default. Read Twig
165+ documentation to learn more about output escaping and the Escaper extension.
166+
161167.. _twig_extension_tag :
162168
163169Enabling Custom Twig Extensions
Original file line number Diff line number Diff line change @@ -4,6 +4,5 @@ Templating
44.. toctree ::
55 :maxdepth: 2
66
7- overview
8- helpers
97 Twig
8+ helpers
Original file line number Diff line number Diff line change @@ -176,7 +176,6 @@ PHP. Have a look at the default configuration:
176176 router : { resource: "%kernel.root_dir%/config/routing.yml" }
177177 validation : { enabled: true, annotations: true }
178178 templating :
179- escaping : htmlspecialchars
180179 # assets_version: SomeVersionScheme
181180 session :
182181 default_locale : en
@@ -208,7 +207,6 @@ PHP. Have a look at the default configuration:
208207 <app : config csrf-secret =" xxxxxxxxxx" charset =" UTF-8" error-handler =" null"
209208 <app : router resource =" %kernel.root_dir%/config/routing.xml"
210209 <app : validation enabled =" true" annotations =" true"
211- <app : templating escaping =" htmlspecialchars"
212210 <app : session default-locale =" en" lifetime =" 3600"
213211 </app : config >
214212
@@ -244,7 +242,6 @@ PHP. Have a look at the default configuration:
244242 'router' => array('resource' => '%kernel.root_dir%/config/routing.php'),
245243 'validation' => array('enabled' => true, 'annotations' => true),
246244 'templating' => array(
247- 'escaping' => 'htmlspecialchars'
248245 #'assets_version' => "SomeVersionScheme",
249246 ),
250247 'session' => array(
Original file line number Diff line number Diff line change @@ -254,6 +254,20 @@ need to also add the following code in your main layout:
254254 <?php echo $view['javascripts'] ?>
255255 <?php echo $view['stylesheets'] ?>
256256
257+ Output Escaping
258+ ---------------
259+
260+ When using PHP templates, escape variables whenever they are displayed to the
261+ user::
262+
263+ <?php echo $view->escape($var) ?>
264+
265+ By default, the ``escape() `` method assumes that the variable is outputted
266+ within an HTML context. The second argument lets you change the context. For
267+ instance, to output something in a JavaScript script, use the ``js `` context::
268+
269+ <?php echo $view->escape($var, 'js') ?>
270+
257271Final Thoughts
258272--------------
259273
You can’t perform that action at this time.
0 commit comments