We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Can Volt autoescape by default

Denys Apr '14

Created Apr '14	Last Reply Apr '14	Replies 1	Views 1182	Votes 2

Denys 1.3k

Can Volt Engine autoescape all variables printed? Something like:

$volt->setOption("autoEscape", true);

This question could be a security issue, as it is impossible to not to forget escapement of each statement.

nethox
506

Accepted
answer

edited May '14
Apr '14

There is an autoescape mode

//Manually escaped: 
{{ robot.name|e }}

// Auto escaped:
{% autoescape true %}
{{ robot.name }}
{% endautoescape %}