I’m playing around with Symfony and have encountered a road block.
I created a model “CmsPage” which has a field called “content” which is stored as a clob (this is specific to doctrine I believe). When I created the app I set “–escaping-strategy=on” so if I enter any html when editing a CmsPage that gets encoded with html entities or something along those lines. I would like to allow html in this field and a quick googling hasn’t helped much. Maybe I’m searching for the wrong terms.
Anywho I would like to disable character escaping for this field and possibly only allow a small selection of html tags. What is the correct way to do this in Symfony?
From http://www.librosweb.es/symfony_1_1_en/capitulo7/output_escaping.html
Every template has access to an $sf_data variable, which is a container object referencing all the escaped variables.
[skipped]
$sf_data also gives you access to the unescaped, or raw, data. This is useful when a variable stores HTML code meant to be interpreted by the browser, provided that you trust this variable. Call the getRaw() method when you need to output the raw data.
echo $sf_data->getRaw(‘test’);
=> alert(document.cookie)You will have to access raw data each time you need variables containing HTML to be really interpreted as HTML. You can now understand why the default layout uses $sf_data->getRaw(‘sf_content’) to include the template, rather than a simpler $sf_content, which breaks when output escaping is activated.