Symfony World blog is not maintained anymore. Check new sys.exit() programming blog.

getRaw escaping problems

Scene from "Disney's Adventures of the Gummi Bears" by Jymn Magon & Art Vitello (introduced in 1985)

Probably most of us have encountered difficulties connected with default escaping mechanism in symfony templates. Yes, it is frustrating at times. But there are solutions to handle that.


single template solution

Suppose we have a executeShow action in our frontend module. We pass the object just retrieved from the db to the template.

public function executeShow(sfWebRequest $request)
{
  $this->article = Doctrine::getTable('Article')->find(array($request->getParameter('id')));
}

Then we have to add one line at the beginning of the showSuccess.php template file:

$article = $sf_data->getRaw('article');

From this line, no data shall be escaped (and all formatting will be displayed properly).


nested templates solution

We can also have more complicated templates structure. Suppose we have a executeIndex action in our frontend module. We pass the list of objects to the template.

public function executeIndex(sfWebRequest $request)
{
  $this->articles = Doctrine::getTable('Article')
    ->createQuery('a')
    ->execute();
}

Additionally, the indexSuccess.php file uses another template file:

<?php foreach ($articles as $article): ?>
  <?php include_partial('article/single', array('article' => $article)) ?>
<?php endforeach; ?>

We have to use the getRaw method IN ALL template/partial files. Just like in the previous example, we have to add one line at the beginning of the indexSuccess.php template file:


$articles = $sf_data->getRaw('articles');

And one line shall be added at the beginning of the _single.php partial file (the same as in the first example):

$article = $sf_data->getRaw('article');


Above solutions shall be sufficient in most cases.

5 comments:

  1. Sorry, but I don't understand yet why is necessary this line:

    $article = $sf_data->getRaw('article');

    When is supossed to work perfectly accessing directly with $article from template file (indexSuccess.php). Of course, if you first declare the variable like $this->article in action file (executeIndex).

    ReplyDelete
  2. Hi JG,
    this line is to prevent data from being escaped by the template. If this line is removed, special characters (especially XML tags) will be escaped. For example, you'll get & l t ; b & g t ; instead of <b>. If I didn't make myself clear enough, can you please provide a precise example?

    ReplyDelete
  3. It's new to me. Thanks for that information!

    ReplyDelete
  4. you can set a template variable as safe in the action so escaping is skipped.

    instead of writing:

    $this->headline = '{"foo":"bar"}';

    you can write:

    $this->setVar('headline', '{"foo":"bar"}', true);

    ReplyDelete