* 1.7.0 (2012-XX-XX)
+ * added the preserve_safety option for filters
* fixed a PHP notice when trying to access a key on a non-object/array variable
* enhanced error reporting when the template file is an instance of SplFileInfo
* added Twig_Environment::mergeGlobals()
'needs_environment' => false,
'needs_context' => false,
'pre_escape' => null,
+ 'preserve_safety' => null,
), $options);
}
return call_user_func($this->options['is_safe_callback'], $filterArgs);
}
- return array();
+ return null;
+ }
+
+ public function getPreserveSafety()
+ {
+ return $this->options['preserve_safety'];
}
public function getPreEscape()
function getSafe(Twig_Node $filterArgs);
+ function getPreserveSafety();
+
function getPreEscape();
function setArguments($arguments);
$name = $node->getNode('filter')->getAttribute('value');
$args = $node->getNode('arguments');
if (false !== $filter = $env->getFilter($name)) {
- $this->setSafe($node, $filter->getSafe($args));
+ $safe = $filter->getSafe($args);
+ if (null === $safe) {
+ $safe = $this->intersectSafe($this->getSafe($node->getNode('node')), $filter->getPreserveSafety());
+ }
+ $this->setSafe($node, $safe);
} else {
$this->setSafe($node, array());
}
--- /dev/null
+--TEST--
+"autoescape" tag handles filters preserving the safety
+--TEMPLATE--
+{% autoescape true %}
+
+(preserve_safety is preserving safety for "html")
+
+1. Unsafe values are still unsafe
+( var|preserve_safety|escape )
+{{ var|preserve_safety }}
+
+2. Safe values are still safe
+( var|escape|preserve_safety )
+{{ var|escape|preserve_safety }}
+
+3. Re-escape values that are escaped for an other contexts
+( var|escape_something|preserve_safety|escape )
+{{ var|escape_something|preserve_safety }}
+
+4. Still escape when using filters not declared safe
+( var|escape|preserve_safety|replace({'FABIEN': 'FABPOT'})|escape )
+{{ var|escape|preserve_safety|replace({'FABIEN': 'FABPOT'}) }}
+
+{% endautoescape %}
+--DATA--
+return array('var' => "<Fabien>\nTwig")
+--EXPECT--
+
+(preserve_safety is preserving safety for "html")
+
+1. Unsafe values are still unsafe
+( var|preserve_safety|escape )
+<FABIEN>
+TWIG
+
+2. Safe values are still safe
+( var|escape|preserve_safety )
+<FABIEN>
+TWIG
+
+3. Re-escape values that are escaped for an other contexts
+( var|escape_something|preserve_safety|escape )
+<FABIEN>
+TWIG
+
+4. Still escape when using filters not declared safe
+( var|escape|preserve_safety|replace({'FABIEN': 'FABPOT'})|escape )
+&LT;FABPOT&GT;
+TWIG
+
'escape_and_nl2br' => new Twig_Filter_Method($this, 'escape_and_nl2br', array('needs_environment' => true, 'is_safe' => array('html'))),
'nl2br' => new Twig_Filter_Method($this, 'nl2br', array('pre_escape' => 'html', 'is_safe' => array('html'))),
'escape_something' => new Twig_Filter_Method($this, 'escape_something', array('is_safe' => array('something'))),
+ 'preserve_safety' => new Twig_Filter_Method($this, 'preserve_safety', array('preserve_safety' => array('html'))),
'*_path' => new Twig_Filter_Method($this, 'dynamic_path'),
'*_foo_*_bar' => new Twig_Filter_Method($this, 'dynamic_foo'),
);
return strtoupper($value);
}
+ public function preserve_safety($value)
+ {
+ return strtoupper($value);
+ }
+
public function br()
{
return '<br />';