We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Can Volt autoescape by default

Can Volt Engine autoescape all variables printed? Something like:

$volt->setOption("autoEscape", true);

This question could be a security issue, as it is impossible to not to forget escapement of each statement.



506
Accepted
answer
edited May '14

There is an autoescape mode

https://docs.phalcon.io/en/latest/reference/volt.html#autoescape-mode

//Manually escaped: 
{{ robot.name|e }}

// Auto escaped:
{% autoescape true %}
{{ robot.name }}
{% endautoescape %}