escape

escape is used to encode or escape a variable to for example html, url, single quotes, hex, hexentity, javascript and mail. By default its html.

Parameter PositionTypeRequiredPossible ValuesDefaultDescription
1stringNohtml, htmlall, url, urlpathinfo, quotes, hex, hexentity, javascript, mail htmlThis is the escape format to use.
2stringNoISO-8859-1, UTF-8, and any character set supported by htmlentities() ISO-8859-1The character set encoding passed to htmlentities() et. al.

Example 5-10. escape

<?php

$smarty
->assign('articleTitle',
                
"'Stiff Opposition Expected to Casketless Funeral Plan'"
                
);
$smarty->assign('EmailAddress','smarty@example.com');

?>

These are example escape template lines followed by the output

{$articleTitle}
'Stiff Opposition Expected to Casketless Funeral Plan'

{$articleTitle|escape}
&#039;Stiff Opposition Expected to Casketless Funeral Plan&#039;

{$articleTitle|escape:'html'}    {* escapes  & " ' < > *}
&#039;Stiff Opposition Expected to Casketless Funeral Plan&#039;

{$articleTitle|escape:'htmlall'} {* escapes ALL html entities *}
&#039;Stiff Opposition Expected to Casketless Funeral Plan&#039;

<a href="?title={$articleTitle|escape:'url'}">click here</a>
<a href="?title=%27Stiff+Opposition+Expected+to+Casketless+Funeral+Plan%27">click here</a>

{$articleTitle|escape:'quotes'}
\'Stiff Opposition Expected to Casketless Funeral Plan\'

<a href="mailto:{$EmailAddress|escape:"hex"}">{$EmailAddress|escape:"hexentity"}</a>
{$EmailAddress|escape:'mail'}    {* this converts to email to text *}
<a href="mailto:%62%6f%..snip..%65%74">&#x62;&#x6f;&#x62..snip..&#x65;&#x74;</a>

{'mail@example.com'|escape:'mail'}
smarty [AT] example [DOT] com

Example 5-11. Other examples

PHP functions can be used as modifiers, $security permitting.

{* the "rewind" paramater registers the current location *}
<a href="{$SCRIPT_NAME}?page=foo&rewind={$smarty.server.REQUEST_URI|urlencode}">click here</a>

This snippet is useful for emails, but see also {mailto}

{* email address mangled *}
<a href="mailto:{$EmailAddress|escape:'hex'}">{$EmailAddress|escape:'mail'}</a>

See also escaping smarty parsing, {mailto} and the obfuscating email addresses page.