Re : Re: [symfony-users] [sf2] Html Escaping

2011-06-14 Thread Thomas
I've fixed my problem.

In the Twig documentation (http://www.twig-project.org/doc/templates.html) I've
found this:

{% autoescape false %}
    Everything will be outputted as is in this block
{% endautoescape %}


So, like Christophe said, the output escaping is enabled by default. Adding
{% autoescape false %} solves the problem, thanks!

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups symfony users group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
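
An added example, not part of the original thread: it renders a cut-down version of the showNews template from this thread three ways, to show that `{% autoescape false %}` switches escaping off for every variable inside the block, while the `|raw` filter does so for `news.contenu` only. It assumes Twig 2.x or 3.x installed through Composer; the template names and the sample data are constructed, and the date line is omitted.

```php
<?php
// Added example (not from the thread). Assumes Twig 2.x/3.x under vendor/.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Three variants of the thread's template, keyed by a made-up name.
$templates = [
    // 1. Default: autoescaping on, so the HTML stored in contenu is shown as text.
    'default' => "<h2>{{ news.titre }}</h2>\n{{ news.contenu }}",
    // 2. Block-wide switch-off: contenu renders as HTML, and so does titre.
    'block_off' => "{% autoescape false %}<h2>{{ news.titre }}</h2>\n"
        . "{{ news.contenu }}{% endautoescape %}",
    // 3. Narrow: only contenu is marked raw, titre is still escaped.
    'raw_only' => "<h2>{{ news.titre }}</h2>\n{{ news.contenu|raw }}",
];

// Force the HTML strategy so it does not depend on template file extensions.
$twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);

// Constructed sample record: a title carrying markup it should never render,
// and a body holding the editor-written HTML the thread wants displayed.
$news = [
    'titre'   => 'Release <script>alert(1)</script>',
    'contenu' => '<p>Version <strong>2.0</strong> is out.</p>',
];

foreach (array_keys($templates) as $name) {
    $out = $twig->render($name, ['news' => $news]);
    printf("[%s]\n%s\n", $name, $out);
    // A literal tag in the output means the browser would interpret it.
    printf("  title markup live: %s\n", strpos($out, '<script>') !== false ? 'yes' : 'no');
    printf("  body markup live:  %s\n\n", strpos($out, '<strong>') !== false ? 'yes' : 'no');
}
```

`|raw` belongs only on fields whose HTML is trusted or has been sanitized before storage.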


Re: [symfony-users] [sf2] Html Escaping

2011-06-13 Thread Christophe COEVOET

On 13/06/2011 18:21, Thomas wrote:

Hi all, I've a problem when rendering a news in a Twig template.

My html isn't escaped:

public function showAction($permalink){
    $news = $this->get('doctrine')
        ->getEntityManager()
        ->getRepository('CompanySiteBundle:News')
        ->findOneByPermalink($permalink);
    if (!$news) {
        throw $this->createNotFoundException('error msg');
    }
    return $this->render('CompanySiteBundle:News:showNews.html.twig',
        array('news' => $news));
}

I've found this in the documentation:
Output Escaping
http://symfony.com/doc/2.0/cookbook/templating/PHP.html#output-escaping


When using PHP templates, escape variables whenever they are displayed 
to the user:


<?php echo $view->escape($var) ?>

By default, the escape() method assumes that the variable is outputted 
within an HTML context. The second argument lets you change the 
context. For instance, to output something in a JavaScript script, use 
the js context:


<?php echo $view->escape($var, 'js') ?>

But I don't know how to do this in my controller or in my view.
Thanks!

The code you just pasted uses a Twig template. The doc you pasted is 
about PHP templates. In Twig templates, the output escaping is enabled 
by default. Please paste your template to see what is wrong.


--
Christophe | Stof



Re: [symfony-users] [sf2] Html Escaping

2011-06-13 Thread oscar balladares
Hi, if you have worked with the Twig or Symfony 1.4 way to pass variables from
controllers to views, it is the same for all cases.

In a controller you will return a view response like:

return $this->render('YourBundle:Folder:view.html.php', array('viewBar' =>
$controllerBar, 'viewFoo' => $controllerFoo));


This way you are passing the $controllerBar variable, fetched in the
controller (i.e., the result of a query to database, a string), to
the view. In the view you will reference that variable as $viewBar, because
you are telling it so in the $render->... statement.

So in the view.html.php template, to render that variable you will:

<?php echo $view->escape($viewBar); ?>

Regards.

2011/6/13 Thomas thomas.pei...@gmail.com

 Hi all, I've a problem when rendering a news in a Twig template.

 My html isn't escaped:

 public function showAction($permalink){
     $news = $this->get('doctrine')
         ->getEntityManager()
         ->getRepository('CompanySiteBundle:News')
         ->findOneByPermalink($permalink);
     if (!$news) {
         throw $this->createNotFoundException('error msg');
     }
     return $this->render('CompanySiteBundle:News:showNews.html.twig',
         array('news' => $news));
 }

 I've found this in the documentation:
 Output Escaping
 http://symfony.com/doc/2.0/cookbook/templating/PHP.html#output-escaping

 When using PHP templates, escape variables whenever they are displayed to
 the user:

 <?php echo $view->escape($var) ?>

 By default, the escape() method assumes that the variable is outputted
 within an HTML context. The second argument lets you change the context. For
 instance, to output something in a JavaScript script, use the js context:

 <?php echo $view->escape($var, 'js') ?>

 But I don't know how to do this in my controller or in my view.
 Thanks!



Re : Re: [symfony-users] [sf2] Html Escaping

2011-06-13 Thread Thomas
Hello Christophe,

In my showNews.html.twig I have:

{% block content %}
<h2>{{ news.titre }}</h2>
<div id="date_news">
<i>Published on {{ news.dateCreation.format('d F Y') }}.</i>
</div>
{{ news.contenu }}
{% endblock %}

and in my head I've the meta: <meta http-equiv="Content-Type"
content="text/html; charset=utf-8" />
