escape string in extension #4100

connorhu · 2024-05-24T08:24:41Z

connorhu
May 24, 2024

There is an extension which, under certain conditions, either renders a template or returns only a string. When it returns a string, I want to escape it, but when the render is done, the render handles the escaping. Because of this, this extension runs with 'is_safe' => ['html'].
This would be a "cheap" solution for escaping the string:

$escaper = $twig->getExtension(EscaperExtension::class);
return $escaper->escape($twig, self::stringValueForPresentationField($presentation, $field), 'html');

Since the escape method is internal, I feel this is less trusted, but I couldn't find a better solution. What would be a nice, fast and safe solution in this case?
I also considered doing a render, but I think that solution is resource expensive.

Answered by fabpot

May 24, 2024

You use this instead (see https://github.com/twigphp/Twig/blob/3.x/doc/deprecated.rst):

$escaper = $twig->getRuntime(EscaperRuntime::class);
return $escaper->escape($twig, self::stringValueForPresentationField($presentation, $field), 'html');

View full answer

fabpot · 2024-05-24T13:16:27Z

fabpot
May 24, 2024
Maintainer

You use this instead (see https://github.com/twigphp/Twig/blob/3.x/doc/deprecated.rst):

$escaper = $twig->getRuntime(EscaperRuntime::class);
return $escaper->escape($twig, self::stringValueForPresentationField($presentation, $field), 'html');

1 reply

connorhu May 25, 2024
Author

Thank you very much for your answer!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

escape string in extension #4100

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

escape string in extension #4100

connorhu May 24, 2024

Replies: 1 comment · 1 reply

fabpot May 24, 2024 Maintainer

connorhu May 25, 2024 Author

connorhu
May 24, 2024

Replies: 1 comment 1 reply

fabpot
May 24, 2024
Maintainer

connorhu May 25, 2024
Author