Re : Re: [symfony-users] [sf2] Html Escaping
I've fixed my problem. In the Twig documentation (http://www.twig-project.org/doc/templates.html) I've found this:

    {% autoescape false %}
        Everything will be outputed as is in this block
    {% endautoescape %}

So, like Christophe said, the output escaping is enabled by default. Adding {% autoescape false %} solved the problem, thanks!

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com

You received this message because you are subscribed to the Google Groups symfony users group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en

Re: [symfony-users] [sf2] Html Escaping
On 13/06/2011 18:21, Thomas wrote:
> Hi all, I've a problem when rendering a news item in a Twig template. My HTML isn't escaped:
>
>     public function showAction($permalink)
>     {
>         $news = $this->get('doctrine')
>             ->getEntityManager()
>             ->getRepository('CompanySiteBundle:News')
>             ->findOneByPermalink($permalink);
>
>         if (!$news) {
>             throw $this->createNotFoundException('error msg');
>         }
>
>         return $this->render('CompanySiteBundle:News:showNews.html.twig', array('news' => $news));
>     }
>
> I've found this in the documentation:
>
> Output Escaping
> http://symfony.com/doc/2.0/cookbook/templating/PHP.html#output-escaping
>
> When using PHP templates, escape variables whenever they are displayed to the user:
>
>     <?php echo $view->escape($var) ?>
>
> By default, the escape() method assumes that the variable is outputted within an HTML context. The second argument lets you change the context. For instance, to output something in a JavaScript script, use the js context:
>
>     <?php echo $view->escape($var, 'js') ?>
>
> But I don't know how to do this in my controller or in my view.
>
> Thanks!

The code you just pasted uses a Twig template. The doc you pasted is about PHP templates. In Twig templates, the output escaping is enabled by default. Please paste your template to see what is wrong.

--
Christophe | Stof

Re: [symfony-users] [sf2] Html Escaping
Hi,

If you have worked with Twig or the Symfony 1.4 way to pass variables from controllers to views, it is the same for all cases.

In a controller you will return a view response like:

    return $this->render('YourBundle:Folder:view.html.php', array('viewBar' => $controllerBar, 'viewFoo' => $controllerFoo));

This way you are passing the $controllerBar variable, fetched in the controller (i.e. the result of a query to database, a string), to the view. In the view you will reference that variable as $viewBar, because you are telling it so in the $render->... statement.

So in the view.html.php template, to render that variable you will:

    <?php echo $view->escape($viewBar); ?>

Regards.

2011/6/13 Thomas <thomas.pei...@gmail.com>
> Hi all, I've a problem when rendering a news item in a Twig template. My HTML isn't escaped:
>
>     public function showAction($permalink)
>     {
>         $news = $this->get('doctrine')
>             ->getEntityManager()
>             ->getRepository('CompanySiteBundle:News')
>             ->findOneByPermalink($permalink);
>
>         if (!$news) {
>             throw $this->createNotFoundException('error msg');
>         }
>
>         return $this->render('CompanySiteBundle:News:showNews.html.twig', array('news' => $news));
>     }
>
> I've found this in the documentation:
>
> Output Escaping
> http://symfony.com/doc/2.0/cookbook/templating/PHP.html#output-escaping
>
> When using PHP templates, escape variables whenever they are displayed to the user:
>
>     <?php echo $view->escape($var) ?>
>
> By default, the escape() method assumes that the variable is outputted within an HTML context. The second argument lets you change the context. For instance, to output something in a JavaScript script, use the js context:
>
>     <?php echo $view->escape($var, 'js') ?>
>
> But I don't know how to do this in my controller or in my view.
>
> Thanks!

Re : Re: [symfony-users] [sf2] Html Escaping
Hello Christophe,

In my showNews.html.twig I have:

    {% block content %}
        <h2>{{ news.titre }}</h2>
        <div id="date_news">
            <i>Published on {{ news.dateCreation.format('d F Y') }}.</i>
        </div>
        {{ news.contenu }}
    {% endblock %}

and in my head I have the meta:

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
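
Added example (not part of the thread, and not Symfony's or Twig's own code): the two ways of letting news.contenu through unescaped, rendered side by side over a constructed record whose title also contains markup. It assumes PHP 7.3+ and twig/twig installed with Composer, using the namespaced Twig\Environment and Twig\Loader\ArrayLoader classes rather than the Twig_* names bundled with Symfony 2.0; the template names and sample values are made up for the illustration.

```php
<?php
// Added example, not code from the thread.
// Assumption: twig/twig installed via Composer (namespaced API), PHP 7.3+.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

$templates = [
    // Variant A: escaping switched off for the whole block, so every
    // variable inside it (title included) is emitted as-is.
    'block_off.html.twig' => <<<'TWIG'
{% autoescape false %}
<h2>{{ news.titre }}</h2>
{{ news.contenu }}
{% endautoescape %}
TWIG,
    // Variant B: autoescape stays on; only the rich-text field is marked
    // raw, so the title is still HTML-escaped.
    'raw_field.html.twig' => <<<'TWIG'
<h2>{{ news.titre }}</h2>
{{ news.contenu|raw }}
TWIG,
];

// Environment's autoescape option defaults to the 'html' strategy.
$twig = new Environment(new ArrayLoader($templates));

// Constructed sample record: the body is intended HTML from an editor,
// the title is plain text that happens to contain markup.
$news = [
    'titre'   => 'Q&A <script>alert(1)</script>',
    'contenu' => '<p>Body written in the <b>admin</b> editor.</p>',
];

// Render both variants with the same data to compare the <h2> line.
foreach (array_keys($templates) as $name) {
    echo "== $name ==\n", $twig->render($name, ['news' => $news]), "\n";
}
```

With the block-level switch the title's markup reaches the page unchanged; with |raw on the single field the title is still entity-encoded. |raw fits only when news.contenu is sanitized on save or written by trusted editors.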