Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Twig] Remove the deprecated autoescape option #18517

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 7, 2023
Merged

[Twig] Remove the deprecated autoescape option #18517

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 0 additions & 31 deletions reference/configuration/twig.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,37 +33,6 @@ compiled again automatically.

.. _config-twig-autoescape:

autoescape
~~~~~~~~~~

.. deprecated:: 6.1

This option is deprecated since Symfony 6.1. If required, use the
``autoescape_service`` or ``autoescape_service_method`` option instead.

**type**: ``boolean`` or ``string`` **default**: ``name``

If set to ``false``, automatic escaping is disabled (you can still escape each content
individually in the templates).

.. caution::

Setting this option to ``false`` is dangerous and it will make your
application vulnerable to `XSS attacks`_ because most third-party bundles
assume that auto-escaping is enabled and they don't escape contents
themselves.

If set to a string, the template contents are escaped using the strategy with
that name. Allowed values are ``html``, ``js``, ``css``, ``url``, ``html_attr``
and ``name``. The default value is ``name``. This strategy escapes contents
according to the template name extension (e.g. it uses ``html`` for ``*.html.twig``
templates and ``js`` for ``*.js.twig`` templates).

.. tip::

See `autoescape_service`_ and `autoescape_service_method`_ to define your
own escaping strategy.

autoescape_service
~~~~~~~~~~~~~~~~~~

Expand Down