jdorn / php-reports

A PHP framework for displaying reports from any data source, including SQL and MongoDB
http://jdorn.github.com/php-reports
GNU Lesser General Public License v3.0

Add Note on disabling auto-escaping with modifier variables #106

Open tajmorton opened 10 years ago

tajmorton commented 10 years ago

It would be nice to add a note to the VARIABLE header section of the documentation noting that you need to disable Twig auto-escaping when using a modifier in a query.

For example, if you have a VARIABLE with a modifier:

VARIABLE: { name: "quantity", display: "Quantity", type: "text", default: "-1", modifier_options: [">=", ">", "<=", "<", "="] }

and want to use it in a query, you must do:

ip.invoices_products_quantity {% autoescape false %} {{ quantity_modifier }} {% endautoescape %} "{{ quantity }}" AND

Without the autoescape marker, Twig will escape quantity_modifier and the query will look like ip.invoices_products_quantity &gt; [value].

jdorn commented 10 years ago

Instead of documenting this workaround, I'd rather fix the underlying problem. HTML autoescaping doesn't help within SQL queries and causes unnecessary code like you showed. Twig recently added support for custom escaping functions, so I'd like to make the default just escape quotes instead of also escaping < and >.

Just a note, instead of using autoescape, you can use the raw filter to save some keystrokes:

ip.invoices_products_quantity {{ quantity_modifier|raw }} "{{ quantity }}" AND
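As an added illustration of the change jdorn describes (this is example code, not part of php-reports), the snippet below registers a custom Twig escaping strategy that only escapes quote characters and makes it the default, so `>=` from the issue's modifier survives while the quoted value is still escaped. It assumes Twig 1.x installed via Composer (`Twig_Environment`, `Twig_Extension_Core::setEscaper`); the template, strategy name `sql`, and sample values are constructed for the example.

```php
<?php
// Added example: a quote-only escaping strategy for SQL templates in Twig 1.x.
// Not php-reports code; the 'sql' strategy name and sample input are made up here.
require 'vendor/autoload.php';

// The WHERE fragment from the issue, written without {% autoescape %} or |raw.
$loader = new Twig_Loader_Array([
    'where' => 'ip.invoices_products_quantity {{ quantity_modifier }} "{{ quantity }}" AND',
]);

// Make the custom strategy the default instead of 'html'.
$twig = new Twig_Environment($loader, ['autoescape' => 'sql']);

// Custom escaper: backslash, quotes and NUL are escaped MySQL-literal style;
// '<', '>' and '&' pass through, so a modifier such as ">=" is emitted as-is.
$twig->getExtension('core')->setEscaper('sql', function (Twig_Environment $env, $string, $charset) {
    return strtr((string) $string, [
        '\\' => '\\\\',
        "'"  => "\\'",
        '"'  => '\\"',
        "\0" => '\\0',
    ]);
});

// quantity_modifier is safe unquoted only because php-reports restricts it to the
// modifier_options list; quantity is user-supplied and sits inside double quotes.
function renderWhere(Twig_Environment $twig, $modifier, $quantity)
{
    return $twig->render('where', [
        'quantity_modifier' => $modifier,
        'quantity'          => $quantity,
    ]);
}

$sql = renderWhere($twig, '>=', '10" OR "1"="1');

// Sanity check: the modifier is untouched and the embedded quotes are escaped.
$expected = 'ip.invoices_products_quantity >= "10\\" OR \\"1\\"=\\"1" AND';
echo $sql === $expected ? "OK\n" : "MISMATCH: $sql\n";
```

Quote escaping only helps for values placed inside quoted SQL literals; anything interpolated unquoted, like the modifier here, still has to come from a fixed allowed list.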