
simplified usage of the autoescape tag; the only argument is now the …

…escaping strategy or false
commit 9ecf090ae8d2256ba3d08bd11ca170b6aeedfbd8 1 parent 423c827
@fabpot authored
1  CHANGELOG
@@ -1,5 +1,6 @@
* 1.8.0 (2012-XX-XX)
+ * simplified usage of the autoescape tag; the only argument is now the escaping strategy or false (with a BC layer)
* added a way to dynamically change the auto-escaping strategy according to the template "filename"
* changed the autoescape option to also accept a supported escaping strategy (for BC, true is equivalent to html)
* added an embed tag
12 doc/tags/autoescape.rst
@@ -6,19 +6,27 @@ template to be escaped or not by using the ``autoescape`` tag:
.. code-block:: jinja
- {% autoescape true %}
+ {% autoescape true %} {# as of Twig 1.8, this is equivalent to {% autoescape 'html' %} #}
Everything will be automatically escaped in this block
+ using the HTML strategy
{% endautoescape %}
{% autoescape false %}
- Everything will be outputed as is in this block
+ Everything will be outputted as is in this block
{% endautoescape %}
+ {# deprecated as of Twig 1.8 #}
{% autoescape true js %}
Everything will be automatically escaped in this block
using the js escaping strategy
{% endautoescape %}
+ {# as of Twig 1.8 #}
+ {% autoescape 'js' %}
+ Everything will be automatically escaped in this block
+ using the js escaping strategy
+ {% endautoescape %}
+
When automatic escaping is enabled everything is escaped by default except for
values explicitly marked as safe. Those can be marked in the template by using
the :doc:`raw<../filters/raw>` filter:
16 lib/Twig/TokenParser/AutoEscape.php
@@ -39,13 +39,19 @@ class Twig_TokenParser_AutoEscape extends Twig_TokenParser
public function parse(Twig_Token $token)
{
$lineno = $token->getLine();
- $value = $this->parser->getStream()->expect(Twig_Token::NAME_TYPE)->getValue();
- if (!in_array($value, array('true', 'false'))) {
- throw new Twig_Error_Syntax("Autoescape value must be 'true' or 'false'", $lineno);
+ $expr = $this->parser->getExpressionParser()->parseExpression();
+ if (!$expr instanceof Twig_Node_Expression_Constant) {
+ throw new Twig_Error_Syntax('An escaping strategy must be a string or a Boolean.', $lineno);
}
- $value = 'true' === $value ? 'html' : false;
+ $value = $expr->getAttribute('value');
- if ($this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
+ $compat = true === $value || false === $value;
+
+ if (true === $value) {
+ $value = 'html';
+ }
+
+ if ($compat && $this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
if (false === $value) {
throw new Twig_Error_Syntax('Unexpected escaping strategy as you set autoescaping to false.', $lineno);
}
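Review bot: The `instanceof Twig_Node_Expression_Constant` check in `parse()` lets any constant through, not just the string or Boolean the error message promises, so a numeric or null literal would be stored as the escaping strategy. What the escaper does with such a value is not visible here, but a falsy value other than `false` reaching a loose comparison could leave output unescaped without any error. After `$value = $expr->getAttribute('value');` I would add `if (!is_string($value) && !is_bool($value)) {` followed by the same `Twig_Error_Syntax` throw. The string is also not compared against the supported strategy names at this point; if nothing later validates it, a misspelled strategy should be rejected at compile time rather than surfacing at render time. The body of `parse()` continues past the end of the hunk.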
2  test/Twig/Tests/Fixtures/tags/autoescape/basic.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag applies escaping on its children
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
{{ var }}<br />
{% endautoescape %}
{% autoescape false %}
2  test/Twig/Tests/Fixtures/tags/autoescape/blocks.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag applies escaping on embedded blocks
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
{% block foo %}
{{ var }}
{% endblock %}
2  test/Twig/Tests/Fixtures/tags/autoescape/double_escaping.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag does not double-escape
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
{{ var|escape }}
{% endautoescape %}
--DATA--
12 test/Twig/Tests/Fixtures/tags/autoescape/functions.test
@@ -13,8 +13,8 @@ unsafe_br
{% endautoescape %}
-autoescape true
-{% autoescape true %}
+autoescape 'html'
+{% autoescape 'html' %}
safe_br
{{ safe_br() }}
@@ -36,8 +36,8 @@ unsafe_br()|escape
{% endautoescape %}
-autoescape true js
-{% autoescape true js %}
+autoescape js
+{% autoescape 'js' %}
safe_br
{{ safe_br() }}
@@ -56,7 +56,7 @@ unsafe_br
<br />
-autoescape true
+autoescape 'html'
safe_br
<br />
@@ -77,7 +77,7 @@ unsafe_br()|escape
&lt;br /&gt;
-autoescape true js
+autoescape js
safe_br
\x3cbr \x2f\x3e
2  test/Twig/Tests/Fixtures/tags/autoescape/literal.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag does not apply escaping on literals
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
1. Simple literal
{{ "<br />" }}
4 test/Twig/Tests/Fixtures/tags/autoescape/nested.test
@@ -2,11 +2,11 @@
"autoescape" tags can be nested at will
--TEMPLATE--
{{ var }}
-{% autoescape true %}
+{% autoescape 'html' %}
{{ var }}
{% autoescape false %}
{{ var }}
- {% autoescape true %}
+ {% autoescape 'html' %}
{{ var }}
{% endautoescape %}
{{ var }}
2  test/Twig/Tests/Fixtures/tags/autoescape/objects.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag applies escaping to object method calls
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
{{ user.name }}
{{ user.name|lower }}
{{ user }}
2  test/Twig/Tests/Fixtures/tags/autoescape/raw.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag does not escape when raw is used as a filter
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
{{ var|raw }}
{% endautoescape %}
--DATA--
6 test/Twig/Tests/Fixtures/tags/autoescape/strategy.test
@@ -4,8 +4,14 @@
{% autoescape true js %}{{ var }}{% endautoescape %}
{% autoescape true html %}{{ var }}{% endautoescape %}
+
+{% autoescape 'js' %}{{ var }}{% endautoescape %}
+
+{% autoescape 'html' %}{{ var }}{% endautoescape %}
--DATA--
return array('var' => '<br />"')
--EXPECT--
\x3cbr \x2f\x3e\x22
&lt;br /&gt;&quot;
+\x3cbr \x2f\x3e\x22
+&lt;br /&gt;&quot;
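Review bot: As far as the hunks on this page show, every `{% autoescape true %}` fixture was rewritten to `'html'`, so the bare `true` form that the BC layer maps to the HTML strategy no longer has a test; this file keeps only `true js` and `true html`. Existing templates rely on that form continuing to escape, so I would keep one case here: `{% autoescape true %}{{ var }}{% endautoescape %}` in the template section with `&lt;br /&gt;&quot;` as its expected line. A fixture that passes a non-constant argument and expects the new "An escaping strategy must be a string or a Boolean." syntax error would also pin the rejection path added in `AutoEscape.php`.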
24 test/Twig/Tests/Fixtures/tags/autoescape/type.test
@@ -2,21 +2,21 @@
escape types
--TEMPLATE--
-1. autoescape true |escape('js')
+1. autoescape 'html' |escape('js')
-{% autoescape true %}
+{% autoescape 'html' %}
<a onclick="alert(&quot;{{ msg|escape('js') }}&quot;)"></a>
{% endautoescape %}
-2. autoescape true html |escape('js')
+2. autoescape 'html' |escape('js')
-{% autoescape true html %}
+{% autoescape 'html' %}
<a onclick="alert(&quot;{{ msg|escape('js') }}&quot;)"></a>
{% endautoescape %}
-3. autoescape true js |escape('js')
+3. autoescape 'js' |escape('js')
-{% autoescape true js %}
+{% autoescape 'js' %}
<a onclick="alert(&quot;{{ msg|escape('js') }}&quot;)"></a>
{% endautoescape %}
@@ -32,9 +32,9 @@ escape types
<a onclick="alert(&quot;{{ msg|escape('js')|escape('html') }}&quot;)"></a>
{% endautoescape %}
-6. autoescape true html |escape('js')|escape('html')
+6. autoescape 'html' |escape('js')|escape('html')
-{% autoescape true html %}
+{% autoescape 'html' %}
<a onclick="alert(&quot;{{ msg|escape('js')|escape('html') }}&quot;)"></a>
{% endautoescape %}
@@ -42,15 +42,15 @@ escape types
return array('msg' => "<>\n'\"")
--EXPECT--
-1. autoescape true |escape('js')
+1. autoescape 'html' |escape('js')
<a onclick="alert(&quot;\x3c\x3e\x0a\x27\x22&quot;)"></a>
-2. autoescape true html |escape('js')
+2. autoescape 'html' |escape('js')
<a onclick="alert(&quot;\x3c\x3e\x0a\x27\x22&quot;)"></a>
-3. autoescape true js |escape('js')
+3. autoescape 'js' |escape('js')
<a onclick="alert(&quot;\x3c\x3e\x0a\x27\x22&quot;)"></a>
@@ -63,7 +63,7 @@ return array('msg' => "<>\n'\"")
<a onclick="alert(&quot;\x3c\x3e\x0a\x27\x22&quot;)"></a>
-6. autoescape true html |escape('js')|escape('html')
+6. autoescape 'html' |escape('js')|escape('html')
<a onclick="alert(&quot;\x3c\x3e\x0a\x27\x22&quot;)"></a>
2  test/Twig/Tests/Fixtures/tags/autoescape/with_filters.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag applies escaping after calling filters
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
(escape_and_nl2br is an escaper filter)
2  test/Twig/Tests/Fixtures/tags/autoescape/with_filters_arguments.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag do not applies escaping on filter arguments
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
{{ var|nl2br("<br />") }}
{{ var|nl2br("<br />"|escape) }}
{{ var|nl2br(sep) }}
2  test/Twig/Tests/Fixtures/tags/autoescape/with_pre_escape_filters.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag applies escaping after calling filters, and before calling pre_escape filters
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
(nl2br is pre_escaped for "html" and declared safe for "html")
2  test/Twig/Tests/Fixtures/tags/autoescape/with_preserves_safety_filters.test
@@ -1,7 +1,7 @@
--TEST--
"autoescape" tag handles filters preserving the safety
--TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
(preserves_safety is preserving safety for "html")