When I use the latest and greatest GIT-Version of Symfony, the Form fields are escaped in TWIG.
Excerpt from controller:

    public function departmentEditAction($name)
    {
        $em = $this->get('doctrine.orm.entity_manager');
        $department = $em->getRepository("Oncode\StarcsBundle\Entity\Department")
            ->findOneBy(array('name' => $name));

        if (!$department) {
            throw new NotFoundHttpException($this->get('translator')->trans('This department does not exist.'));
        }

        $form = $this->get('form.factory')
            ->createBuilder('form', $department)
            ->add('id', 'hidden')
            ->add('name')
            ->getForm();

        // ...

        return $this->render('OncodeStarcsAdminBundle:Department:departmentEdit.html.twig', array(
            'form' => $form->createView(),
        ));
    }

In the TWIG-Template:

    ...
    <tr>
        <td>
            <div>
                {{- form_widget(form.name) }}
            </div>
            {{ form_rest(form) -}}
        </td>
        <td>
            <input type="submit" name="edit" value="{{ "edit"| trans }}"/>
        </td>
    </tr>
    ...

In the HTML source output, the input-element tags are escaped:

    <div><input type="text" id=&quot;form_name&quot; name=&quot;form[name]&quot; required=&quot;required&quot; maxlength=&quot;255&quot; value="uuu1w1" />
    </div>
    <input type="hidden" id=&quot;form__token&quot; name=&quot;form[_token]&quot; required=&quot;required&quot; value="b23212312312340" />
    <input type="hidden" id=&quot;form_id&quot; name=&quot;form[id]&quot; required=&quot;required&quot; value="7" /></td>
    <td>