public function before(PHPTAL_Php_CodeWriter $codewriter) { $escape = true; if (preg_match('/^(text|structure)(?:\\s+(.*)|\\s*$)/', $this->expression, $m)) { if ($m[1] == 'structure') { $escape = false; } $this->expression = isset($m[2]) ? $m[2] : ''; } // if no expression is given, the content of the node is used as // a translation key if (strlen(trim($this->expression)) == 0) { $key = $this->_getTranslationKey($this->phpelement, !$escape, $codewriter->getEncoding()); $key = trim(preg_replace('/\\s+/sm' . ($codewriter->getEncoding() == 'UTF-8' ? 'u' : ''), ' ', $key)); $code = $codewriter->str($key); } else { $code = $codewriter->evaluateExpression($this->expression); } $this->_prepareNames($codewriter, $this->phpelement); $codewriter->pushCode('echo $_translator->translate(' . $code . ',' . ($escape ? 'true' : 'false') . ');'); }
public function generateCode(PHPTAL_Php_CodeWriter $codewriter) { $mode = $codewriter->getOutputMode(); $value = $this->getValueEscaped(); $inCDATAelement = PHPTAL_Dom_Defs::getInstance()->isCDATAElementInHTML($this->parentNode->getNamespaceURI(), $this->parentNode->getLocalName()); // in HTML5 must limit it to <script> and <style> if ($mode === PHPTAL::HTML5 && $inCDATAelement) { $codewriter->pushHTML($codewriter->interpolateCDATA(str_replace('</', '<\\/', $value))); } elseif ($mode === PHPTAL::XHTML && $inCDATAelement || $mode === PHPTAL::XML && preg_match('/[<>&]/', $value) || $mode !== PHPTAL::HTML5 && preg_match('/<\\?|\\${structure/', $value)) { // in text/html "</" is dangerous and the only sensible way to escape is ECMAScript string escapes. if ($mode === PHPTAL::XHTML) { $value = str_replace('</', '<\\/', $value); } $codewriter->pushHTML($codewriter->interpolateCDATA('<![CDATA[' . $value . ']]>')); } else { $codewriter->pushHTML($codewriter->interpolateHTML(htmlspecialchars($value, ENT_QUOTES, $codewriter->getEncoding()))); } }