Problem/Motivation

Using |striptags on something should mark the output as safe.

Right now it doesn't, which results in double-encoding of html entities, fore example.

You have to use |striptags|raw currently as a workaround, but we don't want people to use |raw.

Proposed resolution

Using |striptags on something should mark the output as safe.

Remaining tasks

User interface changes

API changes

Data model changes

Comments

Berdir created an issue. See original summary.

Berdir’s picture

Issue summary: View changes
Cottser’s picture

Issue tags: +Twig

Thanks.

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

mr.baileys’s picture

Seems to me that using |striptags in a Twig-template does not guarantee safe output, as you can pass allowed tags to the function ({{ output|striptags('<a><p><br>') }})?

Also, if we were to change this behaviour, this should be done upstream as this filter is defined in Twig's Twig_Extension_Core class?

joelpittet’s picture

Status: Active » Closed (works as designed)