Mark Kirby helper functions as safe HTML output?

[fvsch]

From: https://gist.github.com/namaless/469b04b9cbb0356e03cb

$twig->addFunction(new Twig_SimpleFunction('css', function($css) {
    return css($css);
}, ['is_safe' => ['html']]));

[nunocodex]

This can output html code instead a filtered html :)

I love twig but for simple templates not really need, for a moment I never used twig for my projects, I used only in one where I have over 120 snippets and 20 templates.

[fvsch]

Yeah, the only thing I have doubts about is that if we mark those snippets as safe HTML:

• {{ markdown(page.text) }} will output unescaped HTML
• {{ page.text.markdown }} will output escaped HTML

So this creates a difference that is hard to reason about for template authors.

Another option would be to have two lists of helper functions:

1. First list is marked as safe HTML: snippet, css, js…
2. Second list is for working with page content, so we don’t mark it as safe.

For the record there’s a plugin setting for disabling Twig’s autoescaping:

c::set('plugin.twig.autoescape', false);

[nunocodex]

I think is a bad way to disable autoescape, the best way (and bad as well) is add all kirby helpers to twig (example from my gist), in this way all kirby helpers working fine. For your example is simple {{ pate.text.markdown | raw }}

for my previous idea is translate with {{ page.text | markdown }} instead {{ markdown(page.text) }}

[fvsch]

Okay, so:

• I marked the snippet() function as HTML-safe. But even with that the output was not escaped, probably because the function does an echo all by itself.
• I’m keeping everything else as unsafe-by-default (unless user overrides it in config). I don’t want to introduce differences between functions/filters and page methods.
• I’ve split the list of helpers in two: functions that generate new HTML tags (not from markdown/kirbytext) or that retrieve some information (mostly the get() helper) stay as functions, and functions that take a string and return the modified string will be Twig filters.