Escapes a string.
Twig_Environment $env A Twig_Environment instance:
string $string The value to be escaped:
string $strategy The escaping strategy:
string $charset The charset:
Boolean $autoescape Whether the function is called by the auto-escaping feature (true) or by the developer (false):
function twig_escape_filter(Twig_Environment $env, $string, $strategy = 'html', $charset = null, $autoescape = false) {
if ($autoescape && is_object($string) && $string instanceof Twig_Markup) {
return $string;
}
if (!is_string($string) && !(is_object($string) && method_exists($string, '__toString'))) {
return $string;
}
if (null === $charset) {
$charset = $env
->getCharset();
}
$string = (string) $string;
switch ($strategy) {
case 'js':
// escape all non-alphanumeric characters
// into their \xHH or \uHHHH representations
if ('UTF-8' != $charset) {
$string = twig_convert_encoding($string, 'UTF-8', $charset);
}
if (0 == strlen($string) ? false : (1 == preg_match('/^./su', $string) ? false : true)) {
throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
}
$string = preg_replace_callback('#[^a-zA-Z0-9,\\._]#Su', '_twig_escape_js_callback', $string);
if ('UTF-8' != $charset) {
$string = twig_convert_encoding($string, $charset, 'UTF-8');
}
return $string;
case 'css':
if ('UTF-8' != $charset) {
$string = twig_convert_encoding($string, 'UTF-8', $charset);
}
if (0 == strlen($string) ? false : (1 == preg_match('/^./su', $string) ? false : true)) {
throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
}
$string = preg_replace_callback('#[^a-zA-Z0-9]#Su', '_twig_escape_css_callback', $string);
if ('UTF-8' != $charset) {
$string = twig_convert_encoding($string, $charset, 'UTF-8');
}
return $string;
case 'html_attr':
if ('UTF-8' != $charset) {
$string = twig_convert_encoding($string, 'UTF-8', $charset);
}
if (0 == strlen($string) ? false : (1 == preg_match('/^./su', $string) ? false : true)) {
throw new Twig_Error_Runtime('The string to escape is not a valid UTF-8 string.');
}
$string = preg_replace_callback('#[^a-zA-Z0-9,\\.\\-_]#Su', '_twig_escape_html_attr_callback', $string);
if ('UTF-8' != $charset) {
$string = twig_convert_encoding($string, $charset, 'UTF-8');
}
return $string;
case 'html':
// see http://php.net/htmlspecialchars
// Using a static variable to avoid initializing the array
// each time the function is called. Moving the declaration on the
// top of the function slow downs other escaping strategies.
static $htmlspecialcharsCharsets = array(
'iso-8859-1' => true,
'iso8859-1' => true,
'iso-8859-15' => true,
'iso8859-15' => true,
'utf-8' => true,
'cp866' => true,
'ibm866' => true,
'866' => true,
'cp1251' => true,
'windows-1251' => true,
'win-1251' => true,
'1251' => true,
'cp1252' => true,
'windows-1252' => true,
'1252' => true,
'koi8-r' => true,
'koi8-ru' => true,
'koi8r' => true,
'big5' => true,
'950' => true,
'gb2312' => true,
'936' => true,
'big5-hkscs' => true,
'shift_jis' => true,
'sjis' => true,
'932' => true,
'euc-jp' => true,
'eucjp' => true,
'iso8859-5' => true,
'iso-8859-5' => true,
'macroman' => true,
);
if (isset($htmlspecialcharsCharsets[strtolower($charset)])) {
return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}
$string = twig_convert_encoding($string, 'UTF-8', $charset);
$string = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
return twig_convert_encoding($string, $charset, 'UTF-8');
case 'url':
if (version_compare(PHP_VERSION, '5.3.0', '<')) {
return str_replace('%7E', '~', rawurlencode($string));
}
return rawurlencode($string);
default:
throw new Twig_Error_Runtime(sprintf('Invalid escaping strategy "%s" (valid ones: html, js, url, css, and html_attr).', $strategy));
}
}