Use the sfOutputEscaper - it's smart enough to know if it's been escaped or not already and won't double escape.
On Wed, 28 Oct 2009 19:52:46 +0100, Tom Boutell <t...@punkave.com> wrote: > > I write plugins which other people use in their Symfony apps. > > They might be using any of the possible escaping_strategy settings. > > I need a consistent way to access the escaped and non-escaped forms of > the variables and request fields, REGARDLESS of that setting, because > I don't want to force a particular setting on third-party devs but I > don't want to fail to escape things properly either. > > The documentation says that $sf_data is only defined for certain > escaping strategies. > > Writing this everyplace I need raw access: > > isset($sf_data) ? $sf_data->getRaw('foo') : $foo > > Is not practical. Neither is: > > isset($sf_data) ? $sf_data->get('foo') : htmlspecialchars($foo) > > In all the places where I DO want escaping. > > Is there a clean way to do this? Should I require users of my plugins > to use the 'bc', 'on', 'or 'both' strategies and specifically refuse > to support 'off'? This might not be too awful, since 'bc' is the > default, but I'd hate to tell people they can't choose an escaping > strategy of their choice in their own code for performance reasons, as > the documentation says. > > Maybe I can specify an alternate escaping strategy on a per-module > basis somehow? > > Any help appreciated, thanks! > -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---