* the constant filter has been converted to a function: {{ some_date|date('DATE_W3C'|constant) }} -> {{ some_date|date(constant('DATE_W3C')) }}
* the cycle filter has been converted to a function: {{ ['odd', 'even']|cycle(i) }} -> {{ cycle(['odd', 'even'], i) }}
* the for tag does not support "joined by" anymore
+ * the autoescape first argument is now true/false (instead of on/off)
Changes:
.. code-block:: jinja
- {% autoescape on %}
+ {% autoescape true %}
{% var %}
{% var|raw %} {# var won't be escaped #}
{% var|escape %} {# var won't be doubled-escaped #}
.. code-block:: jinja
- {% autoescape js on %}
+ {% autoescape true js %}
{{ var|escape('html') }} {# will be escaped for html and javascript #}
{{ var }} {# will be escaped for javascript #}
{{ var|escape('js') }} {# won't be double-escaped #}
.. code-block:: jinja
- {% autoescape on %}
+ {% autoescape true %}
Everything will be automatically escaped in this block
{% endautoescape %}
- {% autoescape off %}
+ {% autoescape false %}
Everything will be outputed as is in this block
{% endautoescape %}
- {% autoescape on js %}
+ {% autoescape true js %}
Everything will be automatically escaped in this block
using the js escaping strategy
{% endautoescape %}
.. code-block:: jinja
- {% autoescape on }
+ {% autoescape true }
{{ var|raw }} {# var won't be escaped #}
- {% autoescape off %}
+ {% endautoescape %}
``merge`` (new in Twig 0.9.10)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{
$lineno = $token->getLine();
$value = $this->parser->getStream()->expect(Twig_Token::NAME_TYPE)->getValue();
- if (!in_array($value, array('on', 'off'))) {
- throw new Twig_Error_Syntax("Autoescape value must be 'on' or 'off'", $lineno);
+ if (!in_array($value, array('true', 'false'))) {
+ throw new Twig_Error_Syntax("Autoescape value must be 'true' or 'false'", $lineno);
}
- $value = 'on' === $value ? 'html' : false;
+ $value = 'true' === $value ? 'html' : false;
if ($this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
if (false === $value) {
- throw new Twig_Error_Syntax(sprintf('Unexpected escaping strategy as you set autoescaping to off.', $lineno), -1);
+ throw new Twig_Error_Syntax(sprintf('Unexpected escaping strategy as you set autoescaping to false.', $lineno), -1);
}
$value = $this->parser->getStream()->next()->getValue();
--TEST--
"autoescape" tag applies escaping on its children
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
{{ var }}<br />
{% endautoescape %}
-{% autoescape off %}
+{% autoescape false %}
{{ var }}<br />
{% endautoescape %}
-{% autoescape on %}
+{% autoescape true %}
{{ var }}<br />
{% endautoescape %}
-{% autoescape off %}
+{% autoescape false %}
{{ var }}<br />
{% endautoescape %}
--DATA--
--TEST--
"autoescape" tag applies escaping on embedded blocks
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
{% block foo %}
{{ var }}
{% endblock %}
--TEST--
"autoescape" tag does not double-escape
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
{{ var|escape }}
{% endautoescape %}
--DATA--
"autoescape" tag applies escaping after calling functions
--TEMPLATE--
-autoescape off
-{% autoescape off %}
+autoescape false
+{% autoescape false %}
safe_br
{{ safe_br() }}
{% endautoescape %}
-autoescape on
-{% autoescape on %}
+autoescape true
+{% autoescape true %}
safe_br
{{ safe_br() }}
{% endautoescape %}
-autoescape on js
-{% autoescape on js %}
+autoescape true js
+{% autoescape true js %}
safe_br
{{ safe_br() }}
return array()
--EXPECT--
-autoescape off
+autoescape false
safe_br
<br />
<br />
-autoescape on
+autoescape true
safe_br
<br />
<br />
-autoescape on js
+autoescape true js
safe_br
\x3cbr \x2f\x3e
--TEST--
"autoescape" tag does not apply escaping on literals
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
1. Simple literal
{{ "<br />" }}
"autoescape" tags can be nested at will
--TEMPLATE--
{{ var }}
-{% autoescape on %}
+{% autoescape true %}
{{ var }}
- {% autoescape off %}
+ {% autoescape false %}
{{ var }}
- {% autoescape on %}
+ {% autoescape true %}
{{ var }}
{% endautoescape %}
{{ var }}
--TEST--
"autoescape" tag applies escaping to object method calls
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
{{ user.name }}
{{ user.name|lower }}
{{ user }}
--TEST--
"autoescape" tag accepts an escaping strategy
--TEMPLATE--
-{% autoescape on js %}{{ var }}{% endautoescape %}
+{% autoescape true js %}{{ var }}{% endautoescape %}
-{% autoescape on html %}{{ var }}{% endautoescape %}
+{% autoescape true html %}{{ var }}{% endautoescape %}
--DATA--
return array('var' => '<br />"')
--EXPECT--
escape types
--TEMPLATE--
-1. autoescape on |escape('js')
+1. autoescape true |escape('js')
-{% autoescape on %}
+{% autoescape true %}
<a onclick="alert("{{ msg|escape('js') }}")"></a>
{% endautoescape %}
-2. autoescape on html |escape('js')
+2. autoescape true html |escape('js')
-{% autoescape on html %}
+{% autoescape true html %}
<a onclick="alert("{{ msg|escape('js') }}")"></a>
{% endautoescape %}
-3. autoescape on js |escape('js')
+3. autoescape true js |escape('js')
-{% autoescape on js %}
+{% autoescape true js %}
<a onclick="alert("{{ msg|escape('js') }}")"></a>
{% endautoescape %}
4. no escape
-{% autoescape off %}
+{% autoescape false %}
<a onclick="alert("{{ msg }}")"></a>
{% endautoescape %}
5. |escape('js')|escape('html')
-{% autoescape off %}
+{% autoescape false %}
<a onclick="alert("{{ msg|escape('js')|escape('html') }}")"></a>
{% endautoescape %}
-6. autoescape on html |escape('js')|escape('html')
+6. autoescape true html |escape('js')|escape('html')
-{% autoescape on html %}
+{% autoescape true html %}
<a onclick="alert("{{ msg|escape('js')|escape('html') }}")"></a>
{% endautoescape %}
return array('msg' => "<>\n'\"")
--EXPECT--
-1. autoescape on |escape('js')
+1. autoescape true |escape('js')
<a onclick="alert("\x3c\x3e\x0a\x27\x22")"></a>
-2. autoescape on html |escape('js')
+2. autoescape true html |escape('js')
<a onclick="alert("\x3c\x3e\x0a\x27\x22")"></a>
-3. autoescape on js |escape('js')
+3. autoescape true js |escape('js')
<a onclick="alert("\x3c\x3e\x0a\x27\x22")"></a>
<a onclick="alert("\x3c\x3e\x0a\x27\x22")"></a>
-6. autoescape on html |escape('js')|escape('html')
+6. autoescape true html |escape('js')|escape('html')
<a onclick="alert("\x3c\x3e\x0a\x27\x22")"></a>
--TEST--
"autoescape" tag applies escaping after calling filters
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
(escape_and_nl2br is an escaper filter)
--TEST--
"autoescape" tag do not applies escaping on filter arguments
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
{{ var|nl2br("<br />") }}
{{ var|nl2br("<br />"|escape) }}
{{ var|nl2br(sep) }}
--TEST--
"autoescape" tag applies escaping after calling filters, and before calling pre_escape filters
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
(nl2br is pre_escaped for "html" and declared safe for "html")
--TEST--
"autoescape" tag does not escape when raw is used as a filter
--TEMPLATE--
-{% autoescape on %}
+{% autoescape true %}
{{ var|raw }}
{% endautoescape %}
--DATA--
projects / web/konrad/twig.git / commitdiff