
Volt escaping

Phalcon 1.3.4, Windows 8.1.

For example, I have this string from the user:

$tag = '<i>Tag word</i>';

And I would like to show this in my template with htmlspecialchars() escaping. I found this part in the Volt docs, and when I try

{{ tag | escape }}

it just outputs the value of the variable, without any escaping!

Bug or wrong usage?




Hello, I think you are correct, just try to remove the spaces

{{ tag|escape }}

I've executed:

<?php

// Create the compiler
$compiler = new \Phalcon\Mvc\View\Engine\Volt\Compiler();

// Compile a template string, returning PHP code
echo $compiler->compileString('{% set tag = "<i>Tag word</i>" %}{{ tag | escape }}');

And it produces the following PHP:

<?php $tag = '<i>Tag word</i>'; ?><?php echo $this->escaper->escapeHtml($tag); ?>

Which uses the escaper service: https://docs.phalcon.io/ru/latest/reference/escaper.html

But what were you prompted with after executing this PHP code? Escaped HTML?

I'm getting:

&lt;i&gt;Tag word&lt;/i&gt;

Which is the same as running:

$escaper = new Phalcon\Escaper;
echo $escaper->escapeHtml('<i>Tag word</i>');

Hm, but I'm getting the raw passed HTML.

Could you post the HTML generated?



Accepted answer

Hey! I found a solution. The trouble happened when using the __toString() magic method. After I replaced it with tag.word, it produced a Notice, because Volt knows that tag is a declared keyword.

Okay, it's solved.