Discussion:
Twig's nl2br "auto-escaping" ?
ninsuo
2013-07-13 16:12:39 UTC
Hello there,

While reading Twig's doc:

http://twig.sensiolabs.org/doc/filters/nl2br.html

I saw the note:

"The nl2br filter pre-escapes the input before applying the transformation."

But, if I try the following:

{{ "<b>I like apples\nBut I prefer bananas</b>" | nl2br }}

I see my string bolded (unescaped)

Can somebody explain what Twig calls "pre-escapes" in this note?

Thanks,

Alain
--
--
If you want to report a vulnerability issue on Symfony, please read the procedure on http://symfony.com/security

You received this message because you are subscribed to the Google
Groups "Symfony2" group.
To post to this group, send email to symfony2-/***@public.gmane.org
To unsubscribe from this group, send email to
symfony2+unsubscribe-/***@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/symfony2?hl=en
---
You received this message because you are subscribed to the Google Groups "Symfony2" group.
To unsubscribe from this group and stop receiving emails from it, send an email to symfony2+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
ninsuo
2013-07-13 18:55:42 UTC
This question should be more general. I checked out the Twig source code,
and saw the following line:

<?php
// vendor/twig/twig/lib/Twig/Extension/Core.php

// ...
new Twig_SimpleFilter('nl2br', 'nl2br', array('pre_escape' => 'html',
'is_safe' => array('html'))),
// ...

So I think that this note just warns us about the "pre_escape" option set
to HTML.

But I don't understand anyway, because this flag doesn't change anything,
or I don't know how to use it.

I just coded a script on a standalone fresh Twig install, and it looks like
I don't know how to use the pre_escape option.

<?php

require_once("vendor/autoload.php");

$loader = new Twig_Loader_String();
$twig = new Twig_Environment($loader);

$filter = new Twig_SimpleFilter('test', function ($argument) {
    return "<p>{$argument}</p>";
}, array('pre_escape' => 'html', 'is_safe' => array('html')));

$twig->addFilter($filter);

echo $twig->render('{{ "Hello \" <br/> \' & world!" | test }}');

This sample displays:

KolyMac:twig_tests ninsuo$ php pre_escape.php
<p>Hello " <br/> ' & world!</p>

No escaping on the input at all.

What does pre_escape mean in this case?

Thanks,
Pierre-Yves LEBECQ
2013-07-13 19:07:05 UTC
Hi,

Twig auto-escaping does not apply to string literals.
Try this code snippet:

{{ "<b>I like apples\nBut I prefer bananas</b>" }}
{% set foo = "<b>I like apples\nBut I prefer bananas</b>" %}
{{ foo }}

The first string should not be escaped, but the second one should be
because it is a string in a variable instead of a string literal.

I guess the pre-escaping term refers to something close to the
auto-escaping. That's why your string isn't getting escaped.

Pierre-Yves
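Added example, not part of any post in this thread: the literal-versus-variable difference described above, run through the same 'test' filter and through nl2br. It assumes the Twig 1.x install from the earlier script with auto-escaping left at its default; the context variable name `value` and the sample strings are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes Twig 1.x via Composer,
// auto-escaping at its default setting.
require_once("vendor/autoload.php");

$twig = new Twig_Environment(new Twig_Loader_String());

// Same 'test' filter as in the script posted earlier in the thread.
$twig->addFilter(new Twig_SimpleFilter('test', function ($argument) {
    return "<p>{$argument}</p>";
}, array('pre_escape' => 'html', 'is_safe' => array('html'))));

// Constructed sample values standing in for data that did not come
// from the template author (request parameters, database rows, ...).
$text   = "Hello \" <br/> ' & world!";
$markup = "<b>I like apples\nBut I prefer bananas</b>";

// 1. String literal in the template: Twig considers it safe, so the
//    pre-escape step is skipped and the markup passes through as written.
echo $twig->render('{{ "Hello \" <br/> \' & world!" | test }}'), "\n";

// 2. Same text from a context variable: it is not known to be safe, so it
//    is HTML-escaped *before* the filter runs. The <p> tags added by the
//    filter stay intact because the filter declares is_safe => html.
echo $twig->render('{{ value | test }}', array('value' => $text)), "\n";

// 3. nl2br behaves the same way: the <b> tags in the variable come out
//    entity-encoded, and only the <br /> inserted by nl2br is real markup.
echo $twig->render('{{ value | nl2br }}', array('value' => $markup)), "\n";

// 4. Caveat: marking the value safe first (raw) disables the pre-escape,
//    so the <b> tags reach the browser unescaped. Reserve this for values
//    that are already sanitized HTML.
echo $twig->render('{{ value | raw | nl2br }}', array('value' => $markup)), "\n";
```

Comparing outputs 1 and 2 shows that pre_escape only takes effect on input Twig does not already consider safe, which is why testing a filter with a template literal hides the escaping.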
Alain Tiemblo
2013-07-13 19:24:22 UTC
That's it, thanks for your support.

Alain
ninsuo
2013-07-13 19:26:49 UTC
That's it, thanks for your support.

Alain