Closed joeworkman closed 2 days ago
Can you tell us more about what does not work? I've just tried and it works well. I realize that setSafeClasses()
might be a confusing method name. This is only to avoid escaping the return value for __toString()
methods.
Let me explain what I am trying to accomplish. The TotalForm class is essentially a form builder for my CMS. Its still a work in progress, but the twig currently looks like this...
{% set form = cms.objectFormBuilder('blog', {}) %}
{{ form.addField('text', 'mytext', {}) }}
{{ form.build() }}
The problem that I was trying to overcome was the need to add | raw
to the build statement since it outputs HTML. I thought setting the TotalForm class (the form
variable is an instance of TotalForm) to be "safe" would fix that.
What you are displaying is not the form
variable but the output of form.build()
Yes. That is correct. For now, I have globally disabled the need to use raw. Not ideal but I have to admit that it's nice since so much of my implementation displays HTML from my CMS.
Make your build method return a stringable object from a class configured as safe class (which could be the \Twig\Markup
object).
When you return a string, you have no way to mark it as safe.
An alternative method is to create a Twig function that would do this build (as Twig functions can tell Twig whether they output a safe value or no), making it look like {{ render_form(form) }}
I'm closing this issue as it was based on a misunderstanding of what safe classes are about. The phpdoc type of the method has been improved to make it more likely for such mistake to be detected.
My Twig extension implements a global that is an adapter for my CMS.
I would like to set all functions for this class to be safe. I thought that I could use
EscaperRuntime::setSafeClasses()
for this.It's not working. Am I close?