Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mark types as "safe" #2548

Closed
lstrojny opened this issue Aug 23, 2017 · 1 comment · Fixed by #3025
Closed

Mark types as "safe" #2548

lstrojny opened this issue Aug 23, 2017 · 1 comment · Fixed by #3025

Comments

@lstrojny
Copy link
Contributor

Today when a value object is inherently safe to output it must extend {{Twig\Markup}} and therefore introduce a hard dependency to Twig. It would be appreciated if one could reverse that relationship and mark a type as safe. Something like:

$env = new \Twig\Environment(…, ['object_safelist' => ['js' => [ObjectThatIsSafeForJs::class], 'html' => [Object1ThatIsSafeForOutputInHtml::class, Object2ThatIsSafe::class]]]);

twig_escape_filter() would use that list to look up if the passed object is considered safe for the current escaping and output the result of __toString() as is.
@lstrojny lstrojny changed the title Mark type as "safe" Mark types as "safe" Aug 23, 2017
@rudiedirkx rudiedirkx mentioned this issue Dec 29, 2018
Closed
@fabpot fabpot mentioned this issue May 20, 2019
Merged
@fabpot
Copy link
Contributor

fabpot commented May 20, 2019

see #3025 for a possible implementation.

@fabpot fabpot closed this as completed May 20, 2019
fabpot added a commit that referenced this issue May 25, 2019
@fabpot
feature #3025 Add the possibility to register classes/interface as be…
b2f449f 
…ing safe (fabpot)

This PR was squashed before being merged into the 2.x branch (closes #3025).

Discussion
----------

Add the possibility to register classes/interface as being safe

closes #2548

To avoid a too big performance impact on the escaper, we aggressively cache the safe classes, which means that changing the. configuration at runtime is not possible (and having different ones on 2 Twig instances is not possible either, this is really *globally* configured).

Commits
-------

fe6503f -
b18733b added the possibility to register classes/interfaces as being safe for the escaper
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add the possibility to register classes/interface as being safe fabpot/Twig
2 participants
@fabpot @lstrojny