Get Smarty

Donate

Paypal

Smarty Icon

You may use the Smarty logo according to the trademark notice.

Smarty Template Engine Smarty Template Engine

For sponsorship, advertising, news or other inquiries, contact us at:

Sites Using Smarty

Advertisement

escape

escape is used to encode or escape a variable to for example html, url, single quotes, hex, hexentity, javascript and mail. By default its html.

Parameter Position Type Required Possible Values Default Description
1 string No html, htmlall, url, urlpathinfo, quotes, hex, hexentity, javascript, mail html This is the escape format to use.
2 string No ISO-8859-1, UTF-8, and any character set supported by htmlentities() ISO-8859-1 The character set encoding passed to htmlentities() et. al.

Example 5.10. escape


<?php

$smarty->assign('articleTitle',
                "'Stiff Opposition Expected to Casketless Funeral Plan'"
                );
$smarty->assign('EmailAddress','smarty@example.com');

?>

   

These are example escape template lines followed by the output


{$articleTitle}
'Stiff Opposition Expected to Casketless Funeral Plan'

{$articleTitle|escape}
&#039;Stiff Opposition Expected to Casketless Funeral Plan&#039;

{$articleTitle|escape:'html'}    {* escapes  & " ' < > *}
&#039;Stiff Opposition Expected to Casketless Funeral Plan&#039;

{$articleTitle|escape:'htmlall'} {* escapes ALL html entities *}
&#039;Stiff Opposition Expected to Casketless Funeral Plan&#039;

<a href="?title={$articleTitle|escape:'url'}">click here</a>
<a
href="?title=%27Stiff%20Opposition%20Expected%20to%20Casketless%20Funeral%20Plan%27">click here</a>

{$articleTitle|escape:'quotes'}
\'Stiff Opposition Expected to Casketless Funeral Plan\'

<a href="mailto:{$EmailAddress|escape:"hex"}">{$EmailAddress|escape:"hexentity"}</a>
{$EmailAddress|escape:'mail'}    {* this converts to email to text *}
<a href="mailto:%62%6f%..snip..%65%74">&#x62;&#x6f;&#x62..snip..&#x65;&#x74;</a>

{'mail@example.com'|escape:'mail'}
smarty [AT] example [DOT] com

   

Example 5.11. Other examples

PHP functions can be used as modifiers, $security permitting.


{* the "rewind" paramater registers the current location *}
<a href="{$SCRIPT_NAME}?page=foo&rewind={$smarty.server.REQUEST_URI|urlencode}">click here</a>

   

This snippet is useful for emails, but see also {mailto}


{* email address mangled *}
<a href="mailto:{$EmailAddress|escape:'hex'}">{$EmailAddress|escape:'mail'}</a>

   

See also escaping smarty parsing, {mailto} and the obfuscating email addresses page.

Comments
by Matthew Waygood on Feb 13, 2012 at 10:45
As we know multi-line comments start <!-- and end --> So having --> within a comment is a bad thing, as the rest will be displayed. Add the following to modifier.escape.php
        case 'comment':
            // escape double dashes- which denotes the start-tag for the end of the comment
            return strtr($string, array('--'=>'- - '));
To make it easier to understand I used the javascript escape method and replaced '--' with '- - '. The comment will only be visible in the source, so we still need human readable characters, rather than hex/octal codes.

Advertisement

Sponsors [info]

Sponsors