Hi all, I've a problem when rendering a news item in a Twig template. My HTML isn't escaped:

    public function showAction($permalink)
    {
        // Look up the news item by its permalink
        $news = $this->get('doctrine')
            ->getEntityManager()
            ->getRepository('CompanySiteBundle:News')
            ->findOneByPermalink($permalink);

        if (!$news) {
            throw $this->createNotFoundException('error msg');
        }

        // Hand the entity to the Twig template
        return $this->render('CompanySiteBundle:News:showNews.html.twig', array('news' => $news));
    }

I've found this in the documentation:

> Output Escaping <http://symfony.com/doc/2.0/cookbook/templating/PHP.html#output-escaping>
>
> When using PHP templates, escape variables whenever they are displayed to the user:
>
>     <?php echo $view->escape($var) ?>
>
> By default, the escape() method assumes that the variable is outputted within an HTML context. The second argument lets you change the context. For instance, to output something in a JavaScript script, use the js context:
>
>     <?php echo $view->escape($var, 'js') ?>

But I don't know how to do this in my controller or in my view.

Thanks!
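
Added example, not part of the original post and not Symfony's own code: a stand-alone PHP page showing why the quoted documentation distinguishes an HTML context from a `js` context. The helper `escapeFor()` and the sample title are hypothetical; only the PHP built-ins `htmlspecialchars()` and `json_encode()` are used.

```php
<?php
// Added illustration. escapeFor() is a hypothetical helper, NOT the
// implementation behind Symfony's $view->escape().

function escapeFor(string $value, string $context = 'html'): string
{
    switch ($context) {
        case 'html':
            // HTML body or attribute value: neutralise markup characters
            // and both quote styles.
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        case 'js':
            // Inline <script>: emit a complete, quoted JS string literal.
            // The JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX so the
            // value cannot close the surrounding script element or string.
            $json = json_encode(
                $value,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            );
            if ($json === false) {
                throw new InvalidArgumentException('Value is not valid UTF-8');
            }
            return $json;

        default:
            // Refuse unknown contexts instead of silently emitting raw data.
            throw new InvalidArgumentException("Unknown context: $context");
    }
}

// Constructed sample value standing in for a news title from the database.
$title = 'Q&A: "Twig" vs <b>PHP</b> templates </script>';
?>
<h1><?php echo escapeFor($title) ?></h1>
<script>
  // The helper already supplies the surrounding quotes here.
  var newsTitle = <?php echo escapeFor($title, 'js') ?>;
</script>
```

HTML-escaping the same value inside the `<script>` element would leave entity text such as `&amp;` in the JavaScript string, which is why the context has to match where the value is written.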