Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Volt escaping

Phalcon 1.3.4, Windows 8.1.

For example i have that's string from user:

$tag = '<i>Tag word</i>';

And i would like to show this in my template with htmlspecialchars() escaping. I found in volt docs that's part and when i try

{{ tag | escape }}

it's just output value from variable, without any escaping!

Bug or wrong usage?



340

Hello I think you are corerct, just try to remove the spaces

{{ tag|escape }}

I've executed:

<?php

// Создание компилятора
$compiler = new \Phalcon\Mvc\View\Engine\Volt\Compiler();

// Компиляция шаблона-строки, возвращающая PHP-код
echo $compiler->compileString('{% set tag = "<i>Tag word</i>" %}{{ tag | escape }}');

And it produces the following PHP:

<?php $tag = '<i>Tag word</i>'; ?><?php echo $this->escaper->escapeHtml($tag); ?>

Which uses the escaper service: http://docs.phalconphp.com/ru/latest/reference/escaper.html

But what you promted after executing this php code? Escaped html?

I'm getting:

&lt;i&gt;Tag word&lt;/i&gt;

Which is the same as running:

$escaper = new Phalcon\Escaper;
echo $escaper->escapeHtml('<i>Tag word</i>');
edited Apr '15

Hm, but i'm getting raw passed html.

Could you post the HTML generated?



5.8k
Accepted
answer
edited Apr '15

Hey! I found a solution. Trouble happened when using __toString() magic method. After I replaced it by tag.word it produce me Notice, because Volt know, that tag is declared keyword.

Okay, it's solved.