In my application I have a message ouput whit some html, in phalcon 2.0.x work fine and the Div Tag show messages and the fancy html was taket to show H2, A and other HTML tags.
Now with phalcon 3.0.0 the autoEscape option is enabled by default to the flash.output() and all code is showed like text in this way:
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> <h4><i class="icon fa fa-ban"></i> Caution </h4>You do not have permission to access this area.
when should present a text like this:
Caution
You do not have permission to access this area.
Into the new version announcement say:
• Added ability to autoescape Flash messages #11448
$flash = new Phalcon\Flash\Session;
$flash->setEscaperService(new Phalcon\Escaper);
$flash->success("<script>alert('This will execute as JavaScript!')</script>");
echo $flash->output();
// <div class="successMessage"><script>alert('This will execute as JavaScript!')</script></div>
I try to set an autoescape config in my view near to the flash.output() code
{% autoescape false %}
{{ flash.output() }}
{% endautoescape %}
But is not working, the flash.output() show the code escaped. how i can send other HTML tags to a flash message whit no autoescape in phalcon 3.x?
If we see the phalcon/flash.zep the code show that autoescape is validated, but how can we set this value in my phalcon php code to chage the true value to false https://github.com/phalcon/cphalcon/blob/master/phalcon/flash.zep#L263
Any idea?