From 9ecf090ae8d2256ba3d08bd11ca170b6aeedfbd8 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Wed, 25 Apr 2012 07:30:52 +0200
Subject: [PATCH] simplified usage of the autoescape tag; the only argument is now the escaping strategy or false
---
 CHANGELOG | 1 +
 doc/tags/autoescape.rst | 12 ++++++++-
 lib/Twig/TokenParser/AutoEscape.php | 16 +++++++++----
 .../Twig/Tests/Fixtures/tags/autoescape/basic.test | 2 +-
 .../Tests/Fixtures/tags/autoescape/blocks.test | 2 +-
 .../Fixtures/tags/autoescape/double_escaping.test | 2 +-
 .../Tests/Fixtures/tags/autoescape/functions.test | 12 +++++-----
 .../Tests/Fixtures/tags/autoescape/literal.test | 2 +-
 .../Tests/Fixtures/tags/autoescape/nested.test | 4 +-
 .../Tests/Fixtures/tags/autoescape/objects.test | 2 +-
 test/Twig/Tests/Fixtures/tags/autoescape/raw.test | 2 +-
 .../Tests/Fixtures/tags/autoescape/strategy.test | 6 +++++
 test/Twig/Tests/Fixtures/tags/autoescape/type.test | 24 ++++++++++----------
 .../Fixtures/tags/autoescape/with_filters.test | 2 +-
 .../tags/autoescape/with_filters_arguments.test | 2 +-
 .../tags/autoescape/with_pre_escape_filters.test | 2 +-
 .../autoescape/with_preserves_safety_filters.test | 2 +-
 17 files changed, 58 insertions(+), 37 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index a4be99f..e71fb2d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 * 1.8.0 (2012-XX-XX)

+ * simplified usage of the autoescape tag; the only argument is now the escaping strategy or false (with a BC layer)
 * added a way to dynamically change the auto-escaping strategy according to the template "filename"
 * changed the autoescape option to also accept a supported escaping strategy (for BC, true is equivalent to html)
 * added an embed tag
diff --git a/doc/tags/autoescape.rst b/doc/tags/autoescape.rst
index 89c0420..dd7a463 100644
--- a/doc/tags/autoescape.rst
+++ b/doc/tags/autoescape.rst
@@ -6,19 +6,27 @@ template to be escaped or not by using the ``autoescape`` tag:

 .. code-block:: jinja

- {% autoescape true %}
+ {% autoescape true %} {# as of Twig 1.8, this is equivalent to {% autoescape 'html' %} #}
 Everything will be automatically escaped in this block
+ using the HTML strategy
 {% endautoescape %}

 {% autoescape false %}
- Everything will be outputed as is in this block
+ Everything will be outputted as is in this block
 {% endautoescape %}

+ {# deprecated as of Twig 1.8 #}
 {% autoescape true js %}
 Everything will be automatically escaped in this block
 using the js escaping strategy
 {% endautoescape %}

+ {# as of Twig 1.8 #}
+ {% autoescape 'js' %}
+ Everything will be automatically escaped in this block
+ using the js escaping strategy
+ {% endautoescape %}
+
 When automatic escaping is enabled everything is escaped by default except for
 values explicitly marked as safe. Those can be marked in the template by using
 the :doc:`raw<../filters/raw>` filter:
diff --git a/lib/Twig/TokenParser/AutoEscape.php b/lib/Twig/TokenParser/AutoEscape.php
index 880e664..5532dca 100644
--- a/lib/Twig/TokenParser/AutoEscape.php
+++ b/lib/Twig/TokenParser/AutoEscape.php
@@ -39,13 +39,19 @@ class Twig_TokenParser_AutoEscape extends Twig_TokenParser
 public function parse(Twig_Token $token)
 {
 $lineno = $token->getLine();
- $value = $this->parser->getStream()->expect(Twig_Token::NAME_TYPE)->getValue();
- if (!in_array($value, array('true', 'false'))) {
- throw new Twig_Error_Syntax("Autoescape value must be 'true' or 'false'", $lineno);
+ $expr = $this->parser->getExpressionParser()->parseExpression();
+ if (!$expr instanceof Twig_Node_Expression_Constant) {
+ throw new Twig_Error_Syntax('An escaping strategy must be a string or a Boolean.', $lineno);
 }
- $value = 'true' === $value ? 'html' : false;
+ $value = $expr->getAttribute('value');

- if ($this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
+ $compat = true === $value || false === $value;
+
+ if (true === $value) {
+ $value = 'html';
+ }
+
+ if ($compat && $this->parser->getStream()->test(Twig_Token::NAME_TYPE)) {
 if (false === $value) {
 throw new Twig_Error_Syntax('Unexpected escaping strategy as you set autoescaping to false.', $lineno);
 }
diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/basic.test b/test/Twig/Tests/Fixtures/tags/autoescape/basic.test
index 62d8c3c..3bb7017 100644
--- a/test/Twig/Tests/Fixtures/tags/autoescape/basic.test
+++ b/test/Twig/Tests/Fixtures/tags/autoescape/basic.test
@@ -1,7 +1,7 @@
 --TEST--
 "autoescape" tag applies escaping on its children
 --TEMPLATE--
-{% autoescape true %}
+{% autoescape 'html' %}
 {{ var }}
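Review bot: The `instanceof Twig_Node_Expression_Constant` guard in `parse()` accepts any constant, so a number or `null` passes even though the error message promises "a string or a Boolean". What a value such as `0` or `null` does further down is not visible in this hunk, but a falsy strategy would plausibly be handled like `false` and leave the block unescaped without any error, which is the wrong way for a template typo to fail. After `$value = $expr->getAttribute('value');` I would add `if (!is_string($value) && !is_bool($value)) { throw new Twig_Error_Syntax('An escaping strategy must be a string or a Boolean.', $lineno); }`. None of the fixtures touched by this patch exercises the rejection path, so a fixture with a variable or numeric argument would pin the behaviour. The body of `parse()` continues past the end of the hunk.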
{% endautoescape %} {% autoescape false %} diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/blocks.test b/test/Twig/Tests/Fixtures/tags/autoescape/blocks.test index b48f73e..05ab83c 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/blocks.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/blocks.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag applies escaping on embedded blocks --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} {% block foo %} {{ var }} {% endblock %} diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/double_escaping.test b/test/Twig/Tests/Fixtures/tags/autoescape/double_escaping.test index fd62a84..9c09724 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/double_escaping.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/double_escaping.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag does not double-escape --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} {{ var|escape }} {% endautoescape %} --DATA-- diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/functions.test b/test/Twig/Tests/Fixtures/tags/autoescape/functions.test index 9a229d0..864655c 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/functions.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/functions.test @@ -13,8 +13,8 @@ unsafe_br {% endautoescape %} -autoescape true -{% autoescape true %} +autoescape 'html' +{% autoescape 'html' %} safe_br {{ safe_br() }} @@ -36,8 +36,8 @@ unsafe_br()|escape {% endautoescape %} -autoescape true js -{% autoescape true js %} +autoescape js +{% autoescape 'js' %} safe_br {{ safe_br() }} @@ -56,7 +56,7 @@ unsafe_br
-autoescape true +autoescape 'html' safe_br
@@ -77,7 +77,7 @@ unsafe_br()|escape <br /> -autoescape true js +autoescape js safe_br \x3cbr \x2f\x3e diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/literal.test b/test/Twig/Tests/Fixtures/tags/autoescape/literal.test index 4c92d08..775bfd0 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/literal.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/literal.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag does not apply escaping on literals --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} 1. Simple literal {{ "
" }} diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/nested.test b/test/Twig/Tests/Fixtures/tags/autoescape/nested.test index c911211..798e6fe 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/nested.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/nested.test @@ -2,11 +2,11 @@ "autoescape" tags can be nested at will --TEMPLATE-- {{ var }} -{% autoescape true %} +{% autoescape 'html' %} {{ var }} {% autoescape false %} {{ var }} - {% autoescape true %} + {% autoescape 'html' %} {{ var }} {% endautoescape %} {{ var }} diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/objects.test b/test/Twig/Tests/Fixtures/tags/autoescape/objects.test index f6c03ed..e896aa4 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/objects.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/objects.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag applies escaping to object method calls --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} {{ user.name }} {{ user.name|lower }} {{ user }} diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/raw.test b/test/Twig/Tests/Fixtures/tags/autoescape/raw.test index 86e55fd..9f1cedd 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/raw.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/raw.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag does not escape when raw is used as a filter --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} {{ var|raw }} {% endautoescape %} --DATA-- diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/strategy.test b/test/Twig/Tests/Fixtures/tags/autoescape/strategy.test index 9ea4fd4..101d5af 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/strategy.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/strategy.test @@ -4,8 +4,14 @@ {% autoescape true js %}{{ var }}{% endautoescape %} {% autoescape true html %}{{ var }}{% endautoescape %} + +{% autoescape 'js' %}{{ var }}{% endautoescape %} + +{% autoescape 'html' %}{{ var }}{% endautoescape %} --DATA-- return array('var' => '
"') --EXPECT-- \x3cbr \x2f\x3e\x22 <br />" +\x3cbr \x2f\x3e\x22 +<br />" diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/type.test b/test/Twig/Tests/Fixtures/tags/autoescape/type.test index 17cec13..10fd63f 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/type.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/type.test @@ -2,21 +2,21 @@ escape types --TEMPLATE-- -1. autoescape true |escape('js') +1. autoescape 'html' |escape('js') -{% autoescape true %} +{% autoescape 'html' %} {% endautoescape %} -2. autoescape true html |escape('js') +2. autoescape 'html' |escape('js') -{% autoescape true html %} +{% autoescape 'html' %} {% endautoescape %} -3. autoescape true js |escape('js') +3. autoescape 'js' |escape('js') -{% autoescape true js %} +{% autoescape 'js' %} {% endautoescape %} @@ -32,9 +32,9 @@ escape types {% endautoescape %} -6. autoescape true html |escape('js')|escape('html') +6. autoescape 'html' |escape('js')|escape('html') -{% autoescape true html %} +{% autoescape 'html' %} {% endautoescape %} @@ -42,15 +42,15 @@ escape types return array('msg' => "<>\n'\"") --EXPECT-- -1. autoescape true |escape('js') +1. autoescape 'html' |escape('js') -2. autoescape true html |escape('js') +2. autoescape 'html' |escape('js') -3. autoescape true js |escape('js') +3. autoescape 'js' |escape('js') @@ -63,7 +63,7 @@ return array('msg' => "<>\n'\"") -6. autoescape true html |escape('js')|escape('html') +6. autoescape 'html' |escape('js')|escape('html') diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/with_filters.test b/test/Twig/Tests/Fixtures/tags/autoescape/with_filters.test index d795b82..7821a9a 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/with_filters.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/with_filters.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag applies escaping after calling filters --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} (escape_and_nl2br is an escaper filter) 
diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/with_filters_arguments.test b/test/Twig/Tests/Fixtures/tags/autoescape/with_filters_arguments.test index 0ff1ad3..f58a1e0 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/with_filters_arguments.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/with_filters_arguments.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag do not applies escaping on filter arguments --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} {{ var|nl2br("
") }} {{ var|nl2br("
"|escape) }} {{ var|nl2br(sep) }} diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/with_pre_escape_filters.test b/test/Twig/Tests/Fixtures/tags/autoescape/with_pre_escape_filters.test index 44d42e7..134c77e 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/with_pre_escape_filters.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/with_pre_escape_filters.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag applies escaping after calling filters, and before calling pre_escape filters --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} (nl2br is pre_escaped for "html" and declared safe for "html") diff --git a/test/Twig/Tests/Fixtures/tags/autoescape/with_preserves_safety_filters.test b/test/Twig/Tests/Fixtures/tags/autoescape/with_preserves_safety_filters.test index 5dfbc79..32d3943 100644 --- a/test/Twig/Tests/Fixtures/tags/autoescape/with_preserves_safety_filters.test +++ b/test/Twig/Tests/Fixtures/tags/autoescape/with_preserves_safety_filters.test @@ -1,7 +1,7 @@ --TEST-- "autoescape" tag handles filters preserving the safety --TEMPLATE-- -{% autoescape true %} +{% autoescape 'html' %} (preserves_safety is preserving safety for "html") -- 1.7.2.5