[TwigBridge] Fix rendering of currency by MoneyType #26663
Conversation
| * | ||
| * @author Roland Franssen <[email protected]> | ||
| */ | ||
| class HtmlEntitiesExtension extends AbstractExtension |
There was a problem hiding this comment.
instead of a dedicated exception, can't we make it in an existing one?
There was a problem hiding this comment.
FormExtension sounds good yes, and to really be conflict-safe id even suggest form_html_entities
There was a problem hiding this comment.
the conflict-safe id is solved by not providing a legacy extension name at all (we don't have BC issues with this extension)
There was a problem hiding this comment.
but we still need a filter name. html[_]entities has higher chance to be already defined in userland, hence var|form_html_entities.
|
Tests are red (and lowest deps need to be updated.) |
|
I consider this solution "too big" for the tiny use case being solved. Can't this be solved using some PHP code somewhere in Symfony Forms? Roland suggested this: |
| @@ -25,11 +25,11 @@ | |||
| {% if prepend or append %} | |||
| <div class="input-group"> | |||
| {% if prepend %} | |||
| <span class="input-group-addon">{{ money_pattern|replace({ '{{ widget }}':''}) }}</span> | |||
| <span class="input-group-addon">{{ money_pattern|html_entities|replace({ '{{ widget }}':''})|raw }}</span> | |||
There was a problem hiding this comment.
replacing {{ widget }} should be done before encoding entities IMO.
There was a problem hiding this comment.
actually no.. 🤔 that would display a HTML literal as {{widget}} contains the <input>
There was a problem hiding this comment.
What do you mean ? {{ widget }} is replaced by an empty string here
There was a problem hiding this comment.
confused the templates :) now updated.
|
|
||
| public function encode($input) | ||
| { | ||
| return htmlentities($input, ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0), 'UTF-8'); |
There was a problem hiding this comment.
Twig does not guarantee it always runs in UTF-8. The charset should be handled properly.
| */ | ||
| public function getName() | ||
| { | ||
| return 'html_entities'; |
There was a problem hiding this comment.
not needed. The versions we support don't care about the name except for BC reasons (in latest 1.x), and we don't need to provide a BC layer for the name-based access for a new extension.
I understand your point, but then again, to me anything related to escaping, raw vars, encoding etc. is serious topic. I prefer the twig filter to properly solve this on the right level, the templating level. Doing it beforehand in PHP / ignoring the issue feels weird. To me the fix is just OK, this is really about 2.7 vs. master. |
| public function encodeCurrency(Environment $environment, $text) | ||
| { | ||
| if ('UTF-8' === $charset = $environment->getCharset()) { | ||
| return htmlspecialchars($text, ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0), 'UTF-8'); |
There was a problem hiding this comment.
please use \defined, so that OPCache can resolve this at compile-time for recent PHP versions as it will know it is defined.
| @@ -25,11 +25,11 @@ | |||
| {% if prepend or append %} | |||
| <div class="input-group"> | |||
| {% if prepend %} | |||
| <span class="input-group-addon">{{ money_pattern|replace({ '{{ widget }}':''}) }}</span> | |||
| <span class="input-group-addon">{{ money_pattern|form_encode_currency|replace({ '{{ widget }}':''})|raw }}</span> | |||
There was a problem hiding this comment.
the replacement should be done first, which will avoid the need for the |raw filter.
| {% endif %} | ||
| {{- block('form_widget_simple') -}} | ||
| {% if append %} | ||
| <span class="input-group-addon">{{ money_pattern|replace({ '{{ widget }}':''}) }}</span> | ||
| <span class="input-group-addon">{{ money_pattern|form_encode_currency|replace({ '{{ widget }}':''})|raw }}</span> |
| @@ -33,7 +33,7 @@ public function testPassMoneyPatternToView() | |||
| $view = $this->factory->create(static::TESTED_TYPE) | |||
| ->createView(); | |||
|
|
|||
| $this->assertSame('{{ widget }} €', $view->vars['money_pattern']); | |||
| $this->assertSame('{{ widget }} €', $view->vars['money_pattern']); | |||
There was a problem hiding this comment.
These test changes look suspicious to me
There was a problem hiding this comment.
yeah we need 2 tests for utf+iso. The entity is a direct effect of using htmlentities, and what this topic is about: euro sign not being available in ISO (hence we use entities).
|
apart from tests; this seems the proper fix. As discussed with @nicolas-grekas to move widget replacement to extension level, making the template concise. functional-wise, ive tested both ISO+UTF on 2.7 without any problems. |
|
HHVM strikes again :( https://3v4l.org/NCWh2 |
| public function encodeCurrency(Environment $environment, $text, $widget = '') | ||
| { | ||
| if ('UTF-8' === $charset = $environment->getCharset()) { | ||
| $text = htmlspecialchars($text, ENT_QUOTES | (\defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0), 'UTF-8'); |
There was a problem hiding this comment.
ENT_QUOTES | ENT_SUBSTITUTE as of 3.4 instead
| @@ -25,11 +25,11 @@ | |||
| {% if prepend or append %} | |||
| <div class="input-group"> | |||
| {% if prepend %} | |||
| <span class="input-group-addon">{{ money_pattern|replace({ '{{ widget }}':''}) }}</span> | |||
| <span class="input-group-addon">{{ money_pattern|form_encode_currency }}</span> | |||
There was a problem hiding this comment.
bootstrap_base_layout.html.twig + bootstrap_4_layout.html.twig as of 3.4 instead
| @@ -30,7 +30,7 @@ | |||
| "symfony/security-core": "~2.6.13|~2.7.9|~2.8", | |||
| "symfony/security-csrf": "~2.6", | |||
| "symfony/stopwatch": "~2.3", | |||
| "symfony/templating": "~2.1", | |||
| "symfony/templating": "~2.7", | |||
There was a problem hiding this comment.
perhaps a conditional test is better, let me know.
| /** | ||
| * @internal | ||
| */ | ||
| public function encodeCurrency(Environment $environment, $text, $widget = '') |
There was a problem hiding this comment.
$currency instead of $text, and mandatory $widget
| } else { | ||
| $text = htmlentities($text, ENT_QUOTES | (\defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0), 'UTF-8'); | ||
| $text = iconv('UTF-8', $charset, $text); | ||
| $widget = iconv('UTF-8', $charset, $widget); |
There was a problem hiding this comment.
Are we sure $widget is always in UTF-8? This looks strange to me, because that would mean this is also bugged. Is it?
There was a problem hiding this comment.
i think we can assume we get raw html in UTF from the form component. Here we include it in a new safe html value concerning the target charset, using htmlentities instead of htmlspecialchars for escaping.
In general we are consistent with regular escaped output (ie. also in target charset) from twig_escape_filter.
There was a problem hiding this comment.
At least we treated this as UTF before also (result from block() in twig).
|
Thank you @ro0NL. |
This PR was squashed before being merged into the 2.7 branch (closes #26663). Discussion ---------- [TwigBridge] Fix rendering of currency by MoneyType | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | todo | Fixed tickets | #25135 | License | MIT | Doc PR | - Split from #25167 as suggested by @nicolas-grekas to see if this can be reasonably fixed on 2.7, the right way using this itsy-bitsy new feature. #25167 still contains some valuable changes regarding tests. Ill continue either one PR depending on the target branch / proposed fix. Commits ------- a3a2ff0 [TwigBridge] Fix rendering of currency by MoneyType
Split from #25167 as suggested by @nicolas-grekas to see if this can be reasonably fixed on 2.7, the right way using this itsy-bitsy new feature.
#25167 still contains some valuable changes regarding tests. Ill continue either one PR depending on the target branch / proposed fix.