Permalink
Browse files

added the possibility to force the escaping of a string already marke…

…d as safe
  • Loading branch information...
fabpot committed Sep 22, 2011
1 parent d101a05 commit 46080c90ea9f06e21ceb88b4d1b62d22374e32af
View
@@ -1,5 +1,6 @@
* 1.3.0
+ * added the possibility to force the escaping of a string already marked as safe (instance of Twig_Markup)
* allowed empty templates to be used as traits
* added traits support for the "parent" function
@@ -470,14 +470,15 @@ function twig_strtr($pattern, $replacements)
/**
* Escapes a string.
*
- * @param Twig_Environment $env A Twig_Environment instance
- * @param string $string The value to be escaped
- * @param string $type The escaping strategy
- * @param string $charset The charset
+ * @param Twig_Environment $env A Twig_Environment instance
+ * @param string $string The value to be escaped
+ * @param string $type The escaping strategy
+ * @param string $charset The charset
+ * @param Boolean $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false)
*/
-function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $charset = null)
+function twig_escape_filter(Twig_Environment $env, $string, $type = 'html', $charset = null, $autoescape = false)
{
- if (is_object($string) && $string instanceof Twig_Markup) {
+ if ($autoescape && is_object($string) && $string instanceof Twig_Markup) {
return $string;
}
@@ -147,7 +147,7 @@ protected function getEscaperFilter($type, Twig_NodeInterface $node)
{
$line = $node->getLine();
$name = new Twig_Node_Expression_Constant('escape', $line);
- $args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line)));
+ $args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line), new Twig_Node_Expression_Constant(null, $line), new Twig_Node_Expression_Constant(true, $line)));
return new Twig_Node_Expression_Filter($node, $name, $args, $line);
}
@@ -0,0 +1,18 @@
+--TEST--
+"escape" filter
+--TEMPLATE--
+{% set foo %}
+ foo<br />
+{% endset %}
+
+{{ foo|e('html') -}}
+{{ foo|e('js') }}
+{% autoescape true %}
+ {{ foo }}
+{% endautoescape %}
+--DATA--
+return array()
+--EXPECT--
+ foo&lt;br /&gt;
+ foo\x3cbr \x2f\x3e\x0a
+ foo<br />

0 comments on commit 46080c9

Please sign in to comment.