3.5.7. HTML escaping
Variable values inserted into HTML code may break the structure of the output or inject unexpected tags into the result. Here is an example:
<p parse:style="$foo">Text</p>
If for some reason the value of $foo was <div>bar</div>, the result would be:
<p style="<div>bar</div>">Text</p>
In OPT, however, this does not happen. The parser provides advanced escaping control that converts the dangerous characters into HTML entities, so that they cannot break the output code.
Attribute-level control
At the attribute level, OPT assumes that every expression placed as an attribute value must be escaped. Going back to our example, the result will be:
<p style="&lt;div&gt;bar&lt;/div&gt;">Text</p>
Text-level control
On the level of expressions in curly brackets, the escaping is controlled in three ways:
- In the OPT configuration, using the escape directive.
- In the current template, in the opt:root or opt:extend instructions, using the escape attribute with the values yes or no.
- In the current expression, with the modifiers e: and u:.
This is an example:
<opt:root escape="no">
  <p>This expression will not be escaped: {$variable}</p>
  <p>This expression will be escaped: {e:$variable}</p>
</opt:root>
The e: modifier at the beginning of an expression turns escaping on if it is disabled, and u: turns it off.
OPT is smart enough not to escape the same expression twice if escaping is turned on both in the configuration and in the expression itself.
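The following PHP sketch is an added example, not OPT's own code: it models how the three text-level settings can combine into a single escape decision, which is why a value is never escaped twice, and contrasts that with attribute values, which are always escaped. The function names are hypothetical, and both the precedence of the template attribute over the configuration and the htmlspecialchars() flags are assumptions.

```php
<?php
// Added illustration (not OPT source code); all function names are hypothetical.

// Decide whether one curly-bracket expression is escaped.
//   $configEscape   - value of the "escape" configuration directive
//   $templateEscape - "escape" attribute of opt:root / opt:extend: 'yes', 'no', or null if absent
//   $modifier       - 'e', 'u', or null when the expression carries no modifier
function shouldEscape(bool $configEscape, ?string $templateEscape, ?string $modifier): bool
{
    if ($modifier === 'e') {
        return true;                       // e: turns escaping on
    }
    if ($modifier === 'u') {
        return false;                      // u: turns escaping off
    }
    if ($templateEscape !== null) {
        return $templateEscape === 'yes';  // assumption: the template overrides the configuration
    }
    return $configEscape;
}

// Text level: the settings collapse into one boolean, so the value is passed
// through htmlspecialchars() at most once, however many settings ask for it.
function renderText(string $value, bool $configEscape, ?string $templateEscape, ?string $modifier): string
{
    return shouldEscape($configEscape, $templateEscape, $modifier)
        ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8')   // flags are an assumption
        : $value;
}

// Attribute level: expressions used as attribute values are always escaped.
function renderAttribute(string $name, string $value): string
{
    return sprintf('%s="%s"', $name, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

$foo = '<div>bar</div>'; // constructed sample value, taken from the example on this page

echo '<p ', renderAttribute('style', $foo), '>Text</p>', PHP_EOL;
echo renderText($foo, true, null, 'e'), PHP_EOL;    // configuration and e: both request escaping
echo renderText($foo, true, 'no', null), PHP_EOL;   // template escape="no", no modifier
echo renderText($foo, false, 'no', 'e'), PHP_EOL;   // e: re-enables escaping for one expression
echo renderText($foo, true, 'yes', 'u'), PHP_EOL;   // u: disables escaping for one expression
```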