function twig_escape_filter

Escapes a string.

Parameters

Twig_Environment $env A Twig_Environment instance:

string $string The value to be escaped:

string $strategy The escaping strategy:

string $charset The charset:

Boolean $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false):

1 call to twig_escape_filter()
TestExtension::escape_and_nl2br in drupal/core/vendor/twig/twig/test/Twig/Tests/integrationTest.php
nl2br which also escapes, for testing escaper filters
1 string reference to 'twig_escape_filter'
Twig_Extension_Core::getFilters in drupal/core/vendor/twig/twig/lib/Twig/Extension/Core.php
Returns a list of filters to add to the existing list.

File

drupal/core/vendor/twig/twig/lib/Twig/Extension/Core.php, line 745

Code

function twig_escape_filter(Twig_Environment $env, $string, $strategy = 'html', $charset = null, $autoescape = false) {
  if ($autoescape && is_object($string) && $string instanceof Twig_Markup) {
    return $string;
  }
  if (!is_string($string) && !(is_object($string) && method_exists($string, '__toString'))) {
    return $string;
  }
  if (null === $charset) {
    $charset = $env
      ->getCharset();
  }
  $string = (string) $string;
  switch ($strategy) {
    case 'js':

      // escape all non-alphanumeric characters
      // into their \xHH or \uHHHH representations
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, 'UTF-8', $charset);
      }
      if (null === ($string = preg_replace_callback('#[^\\p{L}\\p{N} ]#u', '_twig_escape_js_callback', $string))) {
        throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
      }
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, $charset, 'UTF-8');
      }
      return $string;
    case 'html':

      // see http://php.net/htmlspecialchars
      // Using a static variable to avoid initializing the array
      // each time the function is called. Moving the declaration on the
      // top of the function slow downs other escaping strategies.
      static $htmlspecialcharsCharsets = array(
        'iso-8859-1' => true,
        'iso8859-1' => true,
        'iso-8859-15' => true,
        'iso8859-15' => true,
        'utf-8' => true,
        'cp866' => true,
        'ibm866' => true,
        '866' => true,
        'cp1251' => true,
        'windows-1251' => true,
        'win-1251' => true,
        '1251' => true,
        'cp1252' => true,
        'windows-1252' => true,
        '1252' => true,
        'koi8-r' => true,
        'koi8-ru' => true,
        'koi8r' => true,
        'big5' => true,
        '950' => true,
        'gb2312' => true,
        '936' => true,
        'big5-hkscs' => true,
        'shift_jis' => true,
        'sjis' => true,
        '932' => true,
        'euc-jp' => true,
        'eucjp' => true,
        'iso8859-5' => true,
        'iso-8859-5' => true,
        'macroman' => true,
      );
      if (isset($htmlspecialcharsCharsets[strtolower($charset)])) {
        return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
      }
      $string = twig_convert_encoding($string, 'UTF-8', $charset);
      $string = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
      return twig_convert_encoding($string, $charset, 'UTF-8');
    default:
      throw new Twig_Error_Runtime(sprintf('Invalid escaping strategy "%s" (valid ones: html, js).', $strategy));
  }
}