Merge branch 'release/1.1.15' into v1

nystudio107 · Oct 9, 2018 · 92f0bcb · 92f0bcb
2 parents e0b5224 + 15a4100
commit 92f0bcb
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Typogrify Changelog
 
+## 1.1.15 - 2018.10.09
+### Changed
+* Allow `null` to be passed in to the various filters
+* Once again, revert to not auto-escaping text that is passed in
+
 ## 1.1.14 - 2018.10.05
 ### Changed
 * Refactored the Twig Extension to use the same methods that the Variable does

diff --git a/README.md b/README.md
@@ -135,16 +135,12 @@ Or:
 
 #### Security
 
-In ordered to work, Typogrify outputs raw HTML. Any untrusted string (anything that is not `\Twig_Markup`), is escaped before processing to avoid any potential XSS.
-
-Data coming from Rich Text Fields will already be `\Twig_Markup` so HTML therein will not be escaped; if you have data coming from another source that you don't want escaped prior to using `| typogrify`, use the `raw` filter:
+In ordered to work, Typogrify outputs raw HTML. Any untrusted string coming from user input, etc. should be escaped _before_ passing it into Typogrify, e.g.:
 
 ```twig
-{{ someText | raw | typogrify }}
+{{ craft.request.getParam('untrusted') | escape | typogrify }}
 ```
 
-This is only needed if you have HTML that needs to be preserved coming from a Plain Text or other trusted source. For most uses cases, this is unnecessary.
-
 #### Advanced Usage
 
 Should you need advanced control over Typogrify in your templates, you can use the `getPhpTypographySettings()` Twig function:

diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "nystudio107/craft-typogrify",
     "description": "Typogrify prettifies your web typography by preventing ugly quotes and 'widows' and more",
     "type": "craft-plugin",
-    "version": "1.1.14",
+    "version": "1.1.15",
     "keywords": [
         "craft",
         "cms",

diff --git a/src/variables/TypogrifyVariable.php b/src/variables/TypogrifyVariable.php
@@ -278,6 +278,7 @@ public function wordLimit(string $string, int $length, string $substring = '…'
      */
     private function normalizeText($text): string
     {
+/* @TODO: try to resolve at a later date; Twig's `| raw` just returns a string, not `\Twig_Markup` so we can't use that as a check
         if ($text instanceof \Twig_Markup) {
             // Either came from a Redactor field (or the like) or they manually added a |raw tag. We can trust it
             $text = (string)$text;
@@ -293,6 +294,12 @@ private function normalizeText($text): string
                 $text = $error;
             }
         }
+*/
+        // If it's null or otherwise empty, just return an empty string
+        if (empty($text)) {
+            $text = '';
+        }
+        $text = (string)$text;
 
         return $text;
     }