1<?php 2namespace TYPO3Fluid\Fluid\ViewHelpers\Format; 3 4/* 5 * This file belongs to the package "TYPO3 Fluid". 6 * See LICENSE.txt that was shipped with this package. 7 */ 8 9use TYPO3Fluid\Fluid\Core\Compiler\TemplateCompiler; 10use TYPO3Fluid\Fluid\Core\Parser\SyntaxTree\ViewHelperNode; 11use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface; 12use TYPO3Fluid\Fluid\Core\ViewHelper\AbstractViewHelper; 13use TYPO3Fluid\Fluid\Core\ViewHelper\Traits\CompileWithContentArgumentAndRenderStatic; 14 15/** 16 * Outputs an argument/value without any escaping. Is normally used to output 17 * an ObjectAccessor which should not be escaped, but output as-is. 18 * 19 * PAY SPECIAL ATTENTION TO SECURITY HERE (especially Cross Site Scripting), 20 * as the output is NOT SANITIZED! 21 * 22 * = Examples = 23 * 24 * <code title="Child nodes"> 25 * <f:format.raw>{string}</f:format.raw> 26 * </code> 27 * <output> 28 * (Content of {string} without any conversion/escaping) 29 * </output> 30 * 31 * <code title="Value attribute"> 32 * <f:format.raw value="{string}" /> 33 * </code> 34 * <output> 35 * (Content of {string} without any conversion/escaping) 36 * </output> 37 * 38 * <code title="Inline notation"> 39 * {string -> f:format.raw()} 40 * </code> 41 * <output> 42 * (Content of {string} without any conversion/escaping) 43 * </output> 44 * 45 * @api 46 */ 47class RawViewHelper extends AbstractViewHelper 48{ 49 50 use CompileWithContentArgumentAndRenderStatic; 51 52 /** 53 * @var boolean 54 */ 55 protected $escapeChildren = false; 56 57 /** 58 * @var boolean 59 */ 60 protected $escapeOutput = false; 61 62 /** 63 * @return void 64 */ 65 public function initializeArguments() 66 { 67 $this->registerArgument('value', 'mixed', 'The value to output', false, null, false); 68 } 69 70 /** 71 * @param array $arguments 72 * @param \Closure $renderChildrenClosure 73 * @param RenderingContextInterface $renderingContext 74 * @return mixed 75 */ 76 public static function renderStatic(array $arguments, \Closure $renderChildrenClosure, RenderingContextInterface $renderingContext) 77 { 78 return $renderChildrenClosure(); 79 } 80 81 /** 82 * @param string $argumentsName 83 * @param string $closureName 84 * @param string $initializationPhpCode 85 * @param ViewHelperNode $node 86 * @param TemplateCompiler $compiler 87 * @return mixed 88 */ 89 public function compile($argumentsName, $closureName, &$initializationPhpCode, ViewHelperNode $node, TemplateCompiler $compiler) 90 { 91 $contentArgumentName = $this->resolveContentArgumentName(); 92 return sprintf( 93 'isset(%s[\'%s\']) ? %s[\'%s\'] : %s()', 94 $argumentsName, 95 $contentArgumentName, 96 $argumentsName, 97 $contentArgumentName, 98 $closureName 99 ); 100 } 101} 102