You have identified the problem but the solution cannot be the one you
suggest. The HtmlGenerator should not be aware of the output escaping.
I have no obvious solution right now. So, can you create a ticket for
that issue?
Thanks,
Fabien
--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tél: +33 1 40 99 80 80
On 11/6/10 10:25 PM, Michael wrote:
it seems that the $attributes is an instanceof of ArrayDecorator, so
you should convert it to an array, see fixed code for Symfony\Bundle
\FrameworkBundle\Templating\HtmlGenerator.php.
public function tag($tag, $attributes = array())
{
if (empty($tag)) {
return '';
}
if ($attributes instanceof \Symfony\Component\OutputEscaper
\ArrayDecorator) {
$attributes = $attributes->getRawValue();
}
return sprintf('<%s%s%s', $tag, $this-
attributes($attributes), self::$xhtml ? ' />' : (strtolower($tag) ==
'input' ?'>' : sprintf('></%s>', $tag)));
}
public function contentTag($tag, $content = null, $attributes =
array())
{
if (empty($tag)) {
return '';
}
if ($attributes instanceof \Symfony\Component\OutputEscaper
\ArrayDecorator) {
$attributes = $attributes->getRawValue();
}
return sprintf('<%s%s>%s</%s>', $tag, $this-
attributes($attributes), $content, $tag);
}
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
