diff options
Diffstat (limited to 'vendor/twig/twig/doc/filters/escape.rst')
-rw-r--r-- | vendor/twig/twig/doc/filters/escape.rst | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/vendor/twig/twig/doc/filters/escape.rst b/vendor/twig/twig/doc/filters/escape.rst deleted file mode 100644 index 5ade7d74..00000000 --- a/vendor/twig/twig/doc/filters/escape.rst +++ /dev/null | |||
@@ -1,93 +0,0 @@ | |||
1 | ``escape`` | ||
2 | ========== | ||
3 | |||
4 | .. versionadded:: 1.9.0 | ||
5 | The ``css``, ``url``, and ``html_attr`` strategies were added in Twig | ||
6 | 1.9.0. | ||
7 | |||
8 | The ``escape`` filter escapes a string for safe insertion into the final | ||
9 | output. It supports different escaping strategies depending on the template | ||
10 | context. | ||
11 | |||
12 | By default, it uses the HTML escaping strategy: | ||
13 | |||
14 | .. code-block:: jinja | ||
15 | |||
16 | {{ user.username|escape }} | ||
17 | |||
18 | For convenience, the ``e`` filter is defined as an alias: | ||
19 | |||
20 | .. code-block:: jinja | ||
21 | |||
22 | {{ user.username|e }} | ||
23 | |||
24 | The ``escape`` filter can also be used in other contexts than HTML thanks to | ||
25 | an optional argument which defines the escaping strategy to use: | ||
26 | |||
27 | .. code-block:: jinja | ||
28 | |||
29 | {{ user.username|e }} | ||
30 | {# is equivalent to #} | ||
31 | {{ user.username|e('html') }} | ||
32 | |||
33 | And here is how to escape variables included in JavaScript code: | ||
34 | |||
35 | .. code-block:: jinja | ||
36 | |||
37 | {{ user.username|escape('js') }} | ||
38 | {{ user.username|e('js') }} | ||
39 | |||
40 | The ``escape`` filter supports the following escaping strategies: | ||
41 | |||
42 | * ``html``: escapes a string for the **HTML body** context. | ||
43 | |||
44 | * ``js``: escapes a string for the **JavaScript context**. | ||
45 | |||
46 | * ``css``: escapes a string for the **CSS context**. CSS escaping can be | ||
47 | applied to any string being inserted into CSS and escapes everything except | ||
48 | alphanumerics. | ||
49 | |||
50 | * ``url``: escapes a string for the **URI or parameter contexts**. This should | ||
51 | not be used to escape an entire URI; only a subcomponent being inserted. | ||
52 | |||
53 | * ``html_attr``: escapes a string for the **HTML attribute** context. | ||
54 | |||
55 | .. note:: | ||
56 | |||
57 | Internally, ``escape`` uses the PHP native `htmlspecialchars`_ function | ||
58 | for the HTML escaping strategy. | ||
59 | |||
60 | .. caution:: | ||
61 | |||
62 | When using automatic escaping, Twig tries to not double-escape a variable | ||
63 | when the automatic escaping strategy is the same as the one applied by the | ||
64 | escape filter; but that does not work when using a variable as the | ||
65 | escaping strategy: | ||
66 | |||
67 | .. code-block:: jinja | ||
68 | |||
69 | {% set strategy = 'html' %} | ||
70 | |||
71 | {% autoescape 'html' %} | ||
72 | {{ var|escape('html') }} {# won't be double-escaped #} | ||
73 | {{ var|escape(strategy) }} {# will be double-escaped #} | ||
74 | {% endautoescape %} | ||
75 | |||
76 | When using a variable as the escaping strategy, you should disable | ||
77 | automatic escaping: | ||
78 | |||
79 | .. code-block:: jinja | ||
80 | |||
81 | {% set strategy = 'html' %} | ||
82 | |||
83 | {% autoescape 'html' %} | ||
84 | {{ var|escape(strategy)|raw }} {# won't be double-escaped #} | ||
85 | {% endautoescape %} | ||
86 | |||
87 | Arguments | ||
88 | --------- | ||
89 | |||
90 | * ``strategy``: The escaping strategy | ||
91 | * ``charset``: The string charset | ||
92 | |||
93 | .. _`htmlspecialchars`: http://php.net/htmlspecialchars | ||