Reputation: 3802
I have recently found out that Smarty, unlike the Django template engine, does not escape variables automatically, and I need to put |escape next to most of the variables in my templates.
Following the docs, http://www.smarty.net/docsv2/en/variable.default.modifiers.tpl I need to set default modifiers, needn't I?
So, here's my code:
$smarty = new Smarty();
$smarty->default_modifiers = array('escape:"htmlall"');
... and still variables ARE NOT escaped until I add |escape next to them.
What am I doing wrong?
Upvotes: 2
Views: 3206
Reputation: 17010
If you are on Smarty 3, try this:
$smarty = new Smarty();
$smarty->loadFilter(Smarty::FILTER_VARIABLE, "htmlentities");
Tadà!
Update: Smarty::FILTER_VARIABLE is undocumented as of 28/11/2014. Use $smarty->escape_html = true if you want to stick to official docs.
Upvotes: 5
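The `$smarty->escape_html = true` setting from the answer above, shown in a small script. This is an added example, not code from the thread. It assumes Smarty 3.1 or later installed through Composer; the `render()` helper, the template string and the sample values are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes Smarty 3.1+ installed with
// Composer (smarty/smarty) and a writable system temp directory.
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: render a template string with auto-escaping on or off.
 */
function render(bool $autoEscape, string $template, array $vars): string
{
    $smarty = new Smarty();
    $smarty->setCompileDir(sys_get_temp_dir() . '/smarty_demo_compile');
    $smarty->force_compile = true;       // recompile each call in this demo
    $smarty->escape_html = $autoEscape;  // escape every {$var} by default
    foreach ($vars as $name => $value) {
        $smarty->assign($name, $value);
    }
    // The "string:" resource renders template source passed inline.
    return $smarty->fetch('string:' . $template);
}

// Constructed sample values: one untrusted string, one vetted HTML fragment.
$vars = [
    'comment' => '"><script>alert(1)</script>',
    'banner'  => '<em>Welcome back</em>',
];

// {$comment} appears in an attribute and in element content.
// {$banner nofilter} opts a single variable out of escape_html, so it
// should be used only for markup that was sanitized before assign().
$template = '<input value="{$comment}"><p>{$comment}</p>'
          . '<div>{$banner nofilter}</div>';

echo "escape_html = false:\n", render(false, $template, $vars), "\n\n";
echo "escape_html = true:\n",  render(true,  $template, $vars), "\n";

// A quick check a test suite could run against real templates:
// with escape_html on, the raw tag must not survive in the output.
$out = render(true, $template, $vars);
if (strpos($out, '<script>') !== false) {
    fwrite(STDERR, "untrusted markup reached the output unescaped\n");
    exit(1);
}
```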
Reputation: 3633
It appears that this feature was removed from Smarty v3, and docs are outdated. See:
http://www.smarty.net/forums/viewtopic.php?p=62207
I'd recommend a workaround - which is template level. Either create a new style v3 function to take care of filtration, or, do a simple include.
Put this in a clean.tpl file:
{$text|escape:htmlall}
Then invoke as {include file=clean.tpl text=$myvariabletofilter}
The new functions in Smarty could also take care of that:
{function clean}
{$text|escape:htmlall}
{/function}
And invoke as {clean text=$myvariabletofilter}
As always, make sure that these things get trimmed right and don't insert unnecessary spaces.
Upvotes: 0