From cda18ed947d7fed600e62f213a2296922d6ae209 Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Sun, 12 Dec 2010 14:34:07 +0100
Subject: [PATCH] added the autoescape option to enable/disable autoescaping
---
 CHANGELOG | 1 +
 doc/03-Twig-for-Developers.markdown | 3 +++
 lib/Twig/Environment.php | 26 +++++++++++++++++++-------
 lib/Twig/NodeVisitor/Escaper.php | 4 ++++
 4 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e982534..fe2e680 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,7 @@ Backward incompatibilities: Changes:
+ * added the autoescape option to enable/disable autoescaping
 * removed the newline after a comment (mimicks PHP behavior)
 * added a syntax error exception when parent block is used on a template that does not extend another one
 * made the Escaper and Optimizer extensions enabled by default
diff --git a/doc/03-Twig-for-Developers.markdown b/doc/03-Twig-for-Developers.markdown
index b0f3e34..377088e 100644
--- a/doc/03-Twig-for-Developers.markdown
+++ b/doc/03-Twig-for-Developers.markdown
@@ -95,6 +95,9 @@ The following options are available: do not exist) and replace them with a `null` value. When set to `true`, Twig throws an exception instead (default to `false`).
+ * `autoescape` (new in Twig 0.9.10): If set to `true`, auto-escaping will be
+ enabled by default for all templates (default to `true`).
+
 >**CAUTION**
 >Before Twig 0.9.3, the `cache` and `auto_reload` options did not exist. They
 >were passed as a second and third arguments of the filesystem loader
diff --git a/lib/Twig/Environment.php b/lib/Twig/Environment.php
index a56c935..e7a80ed 100644
--- a/lib/Twig/Environment.php
+++ b/lib/Twig/Environment.php
@@ -57,6 +57,8 @@ class Twig_Environment
 * * strict_variables: Whether to ignore invalid variables in templates
 * (default to false).
 *
+ * * autoescape: Whether to enable auto-escaping (default to true).
+ *
 * @param Twig_LoaderInterface $loader A Twig_LoaderInterface instance
 * @param array $options An array of options
 * @param Twig_LexerInterface $lexer A Twig_LexerInterface instance
@@ -81,18 +83,28 @@ class Twig_Environment
 $this->setCompiler($compiler);
 }
- $this->debug = isset($options['debug']) ? (bool) $options['debug'] : false;
- $this->charset = isset($options['charset']) ? $options['charset'] : 'UTF-8';
- $this->baseTemplateClass = isset($options['base_template_class']) ? $options['base_template_class'] : 'Twig_Template';
- $this->autoReload = isset($options['auto_reload']) ? (bool) $options['auto_reload'] : $this->debug;
+ $options = array_replace(array(
+ 'debug' => false,
+ 'charset' => 'UTF-8',
+ 'base_template_class' => 'Twig_Template',
+ 'strict_variables' => false,
+ 'autoescape' => true,
+ 'cache' => false,
+ 'auto_reload' => null,
+ ), $options);
+
+ $this->debug = (bool) $options['debug'];
+ $this->charset = $options['charset'];
+ $this->baseTemplateClass = $options['base_template_class'];
+ $this->autoReload = null === $options['auto_reload'] ? $this->debug : (bool) $options['auto_reload'];
 $this->extensions = array(
 'core' => new Twig_Extension_Core(),
- 'escaper' => new Twig_Extension_Escaper(),
+ 'escaper' => new Twig_Extension_Escaper(array('autoescape' => (bool) $options['autoescape'])),
 'optimizer' => new Twig_Extension_Optimizer(),
 );
- $this->strictVariables = isset($options['strict_variables']) ? (bool) $options['strict_variables'] : false;
+ $this->strictVariables = (bool) $options['strict_variables'];
 $this->runtimeInitialized = false;
- if (isset($options['cache']) && $options['cache']) {
+ if ($options['cache']) {
 $this->setCache($options['cache']);
 }
 }
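Review bot: An explicit `'autoescape' => null` (for example an unset configuration value passed straight through) now replaces the `true` default in `array_replace()` and is cast to `false` on the `'escaper'` line, so output escaping is turned off without anyone having asked for it. Treat null as "use the default", the way `auto_reload` is handled in the same hunk: `$autoescape = null === $options['autoescape'] ? true : (bool) $options['autoescape'];` and pass `$autoescape` to the extension. The same merge means a null `charset` or `base_template_class` no longer falls back to its default as it did under the removed `isset()` checks. `Twig_Extension_Escaper`'s constructor is not touched by this patch, so confirm it accepts an options array; if it takes a plain boolean, the non-empty array is always truthy and the new option has no effect. The enclosing constructor starts outside the hunk.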
diff --git a/lib/Twig/NodeVisitor/Escaper.php b/lib/Twig/NodeVisitor/Escaper.php
index 8f0cc14..eccf57b 100644
--- a/lib/Twig/NodeVisitor/Escaper.php
+++ b/lib/Twig/NodeVisitor/Escaper.php
@@ -81,6 +81,10 @@ class Twig_NodeVisitor_Escaper implements Twig_NodeVisitorInterface
 $expression = $node->getNode('expr');
 if ($this->isSafeFor($type, $expression, $env)) {
+ if ($expression instanceof Twig_Node_Expression_Filter && 'raw' == $expression->getNode('filter')->getAttribute('value')) {
+ $node->setNode('expr', $expression->getNode('node'));
+ }
+
 return $node;
 }
--
1.7.2.5
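Review bot: The filter-name test in the added `if` uses loose comparison, `'raw' == $expression->getNode('filter')->getAttribute('value')`. Under PHP's type juggling at the time of this patch, a non-string attribute value such as integer 0 compares equal to `'raw'`, and this branch rewrites an expression that is then returned without escaping, so `'raw' === ...` is the safer form. The block also carries no comment on why the filter node is replaced by its inner node; if the intent is that `raw` only marks a value as safe for the escaper, a line such as `// raw is only a marker for the escaper; unwrap it so it is not called at runtime` would say so. The enclosing method starts and ends outside the hunk.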