Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

"escape" variable modifier: errors, and needs more

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Documentation
View previous topic :: View next topic  
Author Message
dtgriscom
Smarty Rookie


Joined: 28 Sep 2007
Posts: 5

PostPosted: Wed Oct 03, 2007 9:13 pm    Post subject: "escape" variable modifier: errors, and needs more Reply with quote

In the English 2.6.14 documentation (and probably others), the description for the "escape" variable modifier, "html" variant, is wrong. The example claims that it escapes "&", "<", ">", """ and "'" characters, but it only escapes the "&", "<" and ">" characters.

More generally, the escape variable modifier could use a lot more information about the different variants.
Back to top
View user's profile Send private message Send e-mail
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Thu Oct 04, 2007 10:52 am    Post subject: Reply with quote

Whenn I run ...|escape:html I get ' and " escaped to *#039; and *quot; (* should be ampersand but phpbb is too stupid)
Back to top
View user's profile Send private message Send e-mail Visit poster's website
dtgriscom
Smarty Rookie


Joined: 28 Sep 2007
Posts: 5

PostPosted: Thu Oct 04, 2007 1:38 pm    Post subject: Reply with quote

Well, heck: now this isn't a documentation thread anymore...

My tests show that the results are browser-dependent. On Firefox 1.07/WinXP, Firefox 2.0.0.6/OS X, and OmniWeb 5.5.4/OS X, "|escape:'html'" does this:
- "&" escaped to "&amp;"
- "<" escaped to "&lt;"
- ">" escaped to "&gt;"
- "'" escaped to "'"
- """ escaped to "&quot;"

However, using IE6 under WinXP, "|escape:'html'" does this:
- "&" escaped to "&amp;"
- "<" escaped to "&lt;"
- ">" escaped to "&gt;"
- "'" is NOT changed!
- """ is NOT changed!

There's also a difference in how "|nl2br" functions. On IE6/WinXP, any "\n" is changed to "<br />": the "<br />" replaces the "\n". On the other browsers, any "\n" is changed to "<br />\n": the "<br />" is inserted ahead of the "\n".
Back to top
View user's profile Send private message Send e-mail
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Thu Oct 04, 2007 2:16 pm    Post subject: Reply with quote

dtgriscom wrote:
My tests show that the results are browser-dependent.


*never*. php (and smarty) is run on the server not in the browser.
maybe your browsers are lying to you. use curl it will tell you the true source.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
dtgriscom
Smarty Rookie


Joined: 28 Sep 2007
Posts: 5

PostPosted: Thu Oct 04, 2007 2:33 pm    Post subject: Reply with quote

I understand that smarty runs on the server, not the browser. I was assuming that there's some browser-specific code. However, now I find that the problem was (surprise, surprise) IE: using the "Save As... Web Page, Complete" option changes the HTML, while using the "Save As... Web Page, HTML Only" does not. Final results: no browser differences.


I'll still say that there needs to be more documentation on just what the different escape variable modifier options do, so that people won't have to test to see the exact results.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Documentation All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP