Depending on the format of the request, Symfony2 returns a response of the same type (html, css, json, etc.). This is much appreciated. But if I make a template in a defined format and escape the characters in that context, but eventually the page is rendered in a different format, won't this risk generating dangerous output?
Example: http://symfony.com/it/doc/current/book/index.html?_format=json
Is there a danger of unintentionally creating a resource that may contain hazardous / unexpected output? Is this intentional? Why?
In the case of the official Symfony2 documentation, I think it is intentional. But if you make a template in a defined format and escape the characters in that context, then you can enforce the allowed request formats as follows:
This example highlights the special _format routing parameter. When using this parameter, the matched value becomes the “request format” of the Request object. Ultimately, the request format is used for such things as setting the Content-Type of the response (e.g. a json request format translates into a Content-Type of application/json). It can also be used in the controller to render a different template for each value of _format. The _format parameter is a very powerful way to render the same content in different formats. Read more…
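A route-level restriction of the kind the answer describes, shown as an added example (it is not code from the original answer or from the Symfony project). The route names, paths and controller are assumed for illustration; `requirements` and `defaults` are the standard Symfony2 routing keys.

```yaml
# app/config/routing.yml
# Symfony 2.2+ syntax; 2.0/2.1 use "pattern" instead of "path".
# Route names, paths and the controller below are assumed for illustration.

# Before: {_format} matches any value. A request for
# /articles/2013/my-post.json matches, the request format becomes "json",
# and the response is labelled application/json even if the only template
# that exists was written and escaped for HTML.
article_show_unrestricted:
    path:     /unrestricted/articles/{year}/{title}.{_format}
    defaults: { _controller: AcmeDemoBundle:Article:show, _format: html }
    requirements:
        year: \d+

# After: the _format requirement is a regular expression the placeholder
# must match. Only "html" and "rss" reach the controller; any other
# extension fails to match this route and ends in a 404 instead of being
# rendered under an unexpected content type.
# The default keeps /articles/2013/my-post (no extension) on "html".
article_show:
    path:     /articles/{year}/{title}.{_format}
    defaults: { _controller: AcmeDemoBundle:Article:show, _format: html }
    requirements:
        year:    \d+
        _format: html|rss
```

List in `_format` only the formats for which a template with matching escaping exists, so the response Content-Type and the escaping context cannot drift apart.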