I have an action and a Twig-template.
Via render() it is possible to place a text for a Twig-tag {{ tagname }}.
But this text is escaped. Now I would like to place (not-escaped) HTML-code.
How is that done in Symfony2?
Escaping is handled by Twig.
{{ var }} leads to escaped output.
{{ var|raw }} leads to raw/not-escaped output.
raw is a filter.
Related
I have some html buttons I want to render with twig. This is the HTML:
<button class="btn btn-primary">Edit worklog</button>
I created a method in php to return the HTML string above which I pass in with twig like this:
{{ html.editWorklogButton|raw }}
But when the button is rendered with raw it also renders {{ worklog.id }} and {{ worklog.customerid }} raw of course, losing the id's, giving me href to:
localhost/Worklog/editWorklog?worklogid={{worklog.id}}&customerid={{worklog.customerid}}
which instead should be something like:
localhost/Worklog/editWorklog?worklogid=1&customerid=2
I've checked twig documentation, but can't find anything on this. Is this simply not possible to do?
You may use the template_from_string extension.
The template_from_string function loads a template from a string.
In your case, it should be something like this:
{{ include(template_from_string(html.editWorklogButton)) }}
I'm using PHP Laravel framework and I came to some code examples where {{ }} is use inside a html code, like this:
<link rel="stylesheet" href=" {{ URL::to('css/app.css') }} ">
My conclusion is that the {{ }} are used to write no-HTML code inside the HTML, is that correct?
And for what is the { } used?
Thanks for your answer.
There is no { } in Blade, {{ }} displays escaped data and {!! !!} displays unescaped data.
By default, Blade {{ }} statements are automatically sent through
PHP's htmlentities function to prevent XSS attacks. If you do not want
your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}.
https://laravel.com/docs/5.3/blade#displaying-data
That is not php but rather syntax for the blade template system that laravel comes bundeled with.
In short, {{$aPhpVariable}} is basically compiled to <?= htmlentities($aPhpVariable) ?> (or even <?php echo htmlentities($aPhpVariable); ?>), but from what I know, there is no single bracket ({}) syntax.
You can also use normal php code inside blade templates or just treat it as a normal html page, but it does have a bunch of things that makes building the views a lot easier.
Go check out the docs for more info about blade!
To escape data use
{{ $data }}
If you don't want the data to be escaped use :
{!! $data !!}
{} is part of the syntax of PHP code. It's used in functions, blocks of code and objects.
{{ }} it part of Laravel's Blade template syntax, echoing something in a Laravel project.
There is way to turn autoescaping off in twig template in Symfony2. Like so:
{% autoescape false %}
{{ child.vars.label }}
{% endautoescape %}
How can I do something like this in PHP template? I got expanded choice type in my form, and I need to use images as labels. But Symfony keeps escaping my img tags.
Edit:
Sorry for misunderstood, but php templates have no autoescaping. If you want escaping in php templates you must do:
<?php echo $view->escape($var) ?>
Original answer:
In Twig use raw filter - http://twig.sensiolabs.org/doc/filters/raw.html
{{ child.vars.label | raw }}
I'm fairly new with twig, so I'm having a little trouble. How add tag to end of variable name?
{{ item.description|raw'</div>' }}
is correct?
description is with html tags
I think the best way is to add your tag out from twig:
{{ item.description|raw }}</div>
However, you could use concatenation:
{{ (item.description ~ '</div>')|raw }}
I'm using a HTML editor for fields, and having problem on printing the content on edit form using Model Binding and resource controller.
Since the editor accepts HTML tags, they not escaped (htmlentities way), and inserted raw.
While this might not be a problem, I need to find a way to print that text back into HTML editor with all HTML parsed, due to needed editing of the text.
This is the field that has a HTML editor attached through JS (for insert and edit):
{{ Form::textarea('text', null, array('class' => 'form-control')) }}
Out of model binding way of creating CRUD, {{ html_entity_decode($text) }} will do the job when outputting the text back to the editor.
Question:
Is there a way to add htmlentities() to model-bind-form? I need to print back the text containing html inside HTML editor that will parse it correctly.
P.S. using Laravel's helper e() doesn't seem to solve the problem.
Thanks in advance
Have you tried passing the decoded text into the form:textarea like this:
{{ Form::textarea('text', html_entity_decode($model->text), array('class' => 'form-control')) }}