function twig_escape_filter

Escapes a string.

Parameters

Twig_Environment $env A Twig_Environment instance:

string $string The value to be escaped:

string $strategy The escaping strategy:

string $charset The charset:

Boolean $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false):

13 calls to twig_escape_filter()
TwigTestExtension::escape_and_nl2br in drupal/core/vendor/twig/twig/test/Twig/Tests/IntegrationTest.php
nl2br which also escapes, for testing escaper filters
Twig_Test_EscapingTest::testCssEscapingConvertsSpecialChars in drupal/core/vendor/twig/twig/test/Twig/Tests/escapingTest.php
Twig_Test_EscapingTest::testCssEscapingEscapesOwaspRecommendedRanges in drupal/core/vendor/twig/twig/test/Twig/Tests/escapingTest.php
Twig_Test_EscapingTest::testCssEscapingReturnsStringIfContainsOnlyDigits in drupal/core/vendor/twig/twig/test/Twig/Tests/escapingTest.php
Twig_Test_EscapingTest::testCssEscapingReturnsStringIfZeroLength in drupal/core/vendor/twig/twig/test/Twig/Tests/escapingTest.php

... See full list

1 string reference to 'twig_escape_filter'
Twig_Extension_Core::getFilters in drupal/core/vendor/twig/twig/lib/Twig/Extension/Core.php
Returns a list of filters to add to the existing list.

File

drupal/core/vendor/twig/twig/lib/Twig/Extension/Core.php, line 848

Code

function twig_escape_filter(Twig_Environment $env, $string, $strategy = 'html', $charset = null, $autoescape = false) {
  if ($autoescape && is_object($string) && $string instanceof Twig_Markup) {
    return $string;
  }
  if (!is_string($string) && !(is_object($string) && method_exists($string, '__toString'))) {
    return $string;
  }
  if (null === $charset) {
    $charset = $env
      ->getCharset();
  }
  $string = (string) $string;
  switch ($strategy) {
    case 'js':

      // escape all non-alphanumeric characters
      // into their \xHH or \uHHHH representations
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, 'UTF-8', $charset);
      }
      if (0 == strlen($string) ? false : (1 == preg_match('/^./su', $string) ? false : true)) {
        throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
      }
      $string = preg_replace_callback('#[^a-zA-Z0-9,\\._]#Su', '_twig_escape_js_callback', $string);
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, $charset, 'UTF-8');
      }
      return $string;
    case 'css':
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, 'UTF-8', $charset);
      }
      if (0 == strlen($string) ? false : (1 == preg_match('/^./su', $string) ? false : true)) {
        throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
      }
      $string = preg_replace_callback('#[^a-zA-Z0-9]#Su', '_twig_escape_css_callback', $string);
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, $charset, 'UTF-8');
      }
      return $string;
    case 'html_attr':
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, 'UTF-8', $charset);
      }
      if (0 == strlen($string) ? false : (1 == preg_match('/^./su', $string) ? false : true)) {
        throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
      }
      $string = preg_replace_callback('#[^a-zA-Z0-9,\\.\\-_]#Su', '_twig_escape_html_attr_callback', $string);
      if ('UTF-8' != $charset) {
        $string = twig_convert_encoding($string, $charset, 'UTF-8');
      }
      return $string;
    case 'html':

      // see http://php.net/htmlspecialchars
      // Using a static variable to avoid initializing the array
      // each time the function is called. Moving the declaration on the
      // top of the function slow downs other escaping strategies.
      static $htmlspecialcharsCharsets = array(
        'iso-8859-1' => true,
        'iso8859-1' => true,
        'iso-8859-15' => true,
        'iso8859-15' => true,
        'utf-8' => true,
        'cp866' => true,
        'ibm866' => true,
        '866' => true,
        'cp1251' => true,
        'windows-1251' => true,
        'win-1251' => true,
        '1251' => true,
        'cp1252' => true,
        'windows-1252' => true,
        '1252' => true,
        'koi8-r' => true,
        'koi8-ru' => true,
        'koi8r' => true,
        'big5' => true,
        '950' => true,
        'gb2312' => true,
        '936' => true,
        'big5-hkscs' => true,
        'shift_jis' => true,
        'sjis' => true,
        '932' => true,
        'euc-jp' => true,
        'eucjp' => true,
        'iso8859-5' => true,
        'iso-8859-5' => true,
        'macroman' => true,
      );
      if (isset($htmlspecialcharsCharsets[strtolower($charset)])) {
        return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
      }
      $string = twig_convert_encoding($string, 'UTF-8', $charset);
      $string = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
      return twig_convert_encoding($string, $charset, 'UTF-8');
    case 'url':
      if (version_compare(PHP_VERSION, '5.3.0', '<')) {
        return str_replace('%7E', '~', rawurlencode($string));
      }
      return rawurlencode($string);
    default:
      throw new Twig_Error_Runtime(sprintf('Invalid escaping strategy "%s" (valid ones: html, js, url, css, and html_attr).', $strategy));
  }
}