On 30.09.2010, at 16:38, Lukas Kahwe Smith wrote:
>
> On 30.09.2010, at 16:35, Jordi Boggiano wrote:
>
>> On 30.09.2010 16:25, Miha Vrhovnik wrote:
>>> I don't know if the case is same as in Dwoo, where with |safe you
>>> negate the default escape setting.
>>> e.g if escape is set to true |safe means DO NOT escape. and if escape
>>> is set to false it means DO escape...
>>
>> It is the same as in Dwoo at the moment, and both have taken it from
>> Django I believe, so you could argue keeping "safe" is good for people
>> with Django knowledge etc, but I agree |raw makes more sense.
>
>
> uhm if it just flips the default escaping strategy, then raw would be just as
> misleading, then it must be something like "|disabledefaultescaping" ..
> hopefully someone can come up with something shorter.
thinking about it some more. imho there should be a way of saying i never want
this escaped, regardless of the default escaping setting:
{{ form.content.render()|safe }}
here i know that the form will always return content that should never ever be
escaped and for that I do agree that "|raw" would be the way to go, but if i
understand things right, there is no way to do that atm?
{{ form.content.render()|raw }}
regards,
Lukas Kahwe Smith
[email protected]
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
