This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
documentation:rack:reference:templates [2018/05/25 20:47] – [Template functions] Martijn Luinstra | documentation:rack:reference:templates [2023/08/31 23:12] (current) – Martijn Luinstra | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Templates ====== | ====== Templates ====== | ||
- | Every template is an instance of the <php>Template</ | + | Every template is an instance of the '' |
- | <HTML> | + | <WRAP danger>**WARNING!** No data is escaped by default. Always explicitly escape your template variables and be careful which data you access in templates.</ |
- | <div style=" | + | |
- | </ | + | |
- | </HTML>\\ | + | |
===== Template variables (context) ===== | ===== Template variables (context) ===== | ||
Line 12: | Line 9: | ||
Templates are intitialized with a context object, which is an associative array. The individual elements of this array are made available in the templates as regular variables (see [[http:// | Templates are intitialized with a context object, which is an associative array. The individual elements of this array are made available in the templates as regular variables (see [[http:// | ||
- | <PHP> | + | <code php> |
$context = [ | $context = [ | ||
' | ' | ||
' | ' | ||
]; | ]; | ||
- | </PHP> | + | </code> |
and the template | and the template | ||
- | <PHP> | + | <code php> |
< | < | ||
< | < | ||
Line 31: | Line 28: | ||
</ | </ | ||
</ | </ | ||
- | </PHP> | + | </code> |
which renders as | which renders as | ||
- | <HTML> | + | <WRAP box round> |
- | <div style=" | + | ====== Home ====== |
- | <h1>Home</h1> | + | page_id: index |
- | page_id: index | + | </WRAP> |
- | </div> | + | |
- | </HTML>\\ | + | |
===== Template functions ===== | ===== Template functions ===== | ||
Line 46: | Line 41: | ||
All global functions are available in templates. The template class provides the following additional functions for escaping data to prevent XSS attacks. | All global functions are available in templates. The template class provides the following additional functions for escaping data to prevent XSS attacks. | ||
- | * <php>html($data)</ | + | * '' |
- | * <php>attr($data)</ | + | * '' |
- | * <php>format_plain_text($text)</ | + | * '' |
Remember! No data is escaped by default. Always explicitly escape your template variables and be careful which data you access in templates. | Remember! No data is escaped by default. Always explicitly escape your template variables and be careful which data you access in templates. | ||
Line 54: | Line 49: | ||
The following snippet shows how these functions should be used. | The following snippet shows how these functions should be used. | ||
- | <PHP> | + | <code php> |
< | < | ||
< | < | ||
Line 60: | Line 55: | ||
Author: <a href="<? | Author: <a href="<? | ||
</ | </ | ||
- | </PHP> | + | </code> |
Line 67: | Line 62: | ||
Rack templates support basic template inheritance, | Rack templates support basic template inheritance, | ||
- | * <php>Template-> | + | * '' |
- | * <php>Template-> | + | * '' |
- | * <php>Template-> | + | * '' |
Note that nested blocks are not supported and that blocks are only allowed in templates that extend a parent template. | Note that nested blocks are not supported and that blocks are only allowed in templates that extend a parent template. |