Skip to content

Marking filters as escape-safe #4

Description

@fabpot

Hello,

I wrote a custom filter that, in addition to doing the basic htmlspecialchars() type conversion, converts any \n to
. I named the filter "custom_br".

I'm using the autoescape functionality, and I'm pondering whether it was a good idea that certain filters could be marked as "escape-safe".

That is: currently I have to write in the template:

{{ myVariable|custom_br|safe }}

I feel that the "|safe" part is kind of unneeded, or somehow "wrong".

Comments?

Implementation:

Currently the getFilters() hook returns an array of filters like this:

return array(
'custom_br' => array('my_function_name', false)
);

I suggest an alternative syntax:

return array(
'custom_br' => array(
'function' => 'my_function_name' # required
'safe' => true, # optional
'passEnv' => false, # optional
)
)
);

This would allow adding further features, such as a 'deterministic' => true for adding performance.

AFAIK:

  • this change could be made backward-compatible (the old syntax would be deprecated).
  • this change would not affect runtime performance

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions