public function generateCode(PHPTAL_Php_CodeWriter $codewriter) { $mode = $codewriter->getOutputMode(); $value = $this->getValueEscaped(); $inCDATAelement = PHPTAL_Dom_Defs::getInstance()->isCDATAElementInHTML($this->parentNode->getNamespaceURI(), $this->parentNode->getLocalName()); // in HTML5 must limit it to <script> and <style> if ($mode === PHPTAL::HTML5 && $inCDATAelement) { $codewriter->pushHTML($codewriter->interpolateCDATA(str_replace('</', '<\\/', $value))); } elseif ($mode === PHPTAL::XHTML && $inCDATAelement || $mode === PHPTAL::XML && preg_match('/[<>&]/', $value) || $mode !== PHPTAL::HTML5 && preg_match('/<\\?|\\${structure/', $value)) { // in text/html "</" is dangerous and the only sensible way to escape is ECMAScript string escapes. if ($mode === PHPTAL::XHTML) { $value = str_replace('</', '<\\/', $value); } $codewriter->pushHTML($codewriter->interpolateCDATA('<![CDATA[' . $value . ']]>')); } else { $codewriter->pushHTML($codewriter->interpolateHTML(htmlspecialchars($value, ENT_QUOTES, $codewriter->getEncoding()))); } }