Symfony - Why do some variables get output escaped, and others do not?
In a Symfony 1.4 view, why do some variables get output escaped, and others do not?
I have escaping_strategy = true, and escaping_method = ESC_SPECIALCHARS.
If I do
$this->form = new SearchForm();
then in my view, $form will be a SearchForm. Or model objects also seem to come through as regular model objects.
But other variables, like arr开发者_StackOverfloways or a MongoCursor, get transformed into sfOutputEscaper___Decorator objects, and I can't access the raw methods directly. Why?
I understand that I can get the raw variable and then use its methods, but it's a guessing game for me right now, which is frustrating.
There are a handfull of classes that will skip any output escaping (because they primarily render HTML). By default sfView.class.php will mark the following as safe:
sfForm, sfFormField, sfFormFieldSchema, sfModelGeneratorHelper
So objects of, or inheriting from these classes will not be output escaped.
If you look at the relevant code in sfView.class.php, you'll also find how to mark additional classes as safe if you would like to do so:
sfOutputEscaper::markClassesAsSafe(array('sfForm', 'sfFormField', 'sfFormFieldSchema', 'sfModelGeneratorHelper'));
精彩评论