Using |striptags on something should mark the output as safe.

Right now it doesn't, which results in double-encoding of html entities, fore example.

You have to use |striptags|raw currently as a workaround, but we don't want people to use |raw.

Proposed resolution

Using |striptags on something should mark the output as safe.

Remaining tasks

User interface changes

API changes

Data model changes


Berdir created an issue. See original summary.

Berdir’s picture

Issue summary: View changes
Cottser’s picture

Issue tags: +Twig


Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

mr.baileys’s picture

Seems to me that using |striptags in a Twig-template does not guarantee safe output, as you can pass allowed tags to the function ({{ output|striptags('<a><p><br>') }})?

Also, if we were to change this behaviour, this should be done upstream as this filter is defined in Twig's Twig_Extension_Core class?

joelpittet’s picture

Status: Active » Closed (works as designed)