Auto-escaping

    When the view layer is rendered, each template is processed by a tokenizer before it is compiled into its final form. During this step, output written with “short tags” is rewritten so that it passes through the escaping function, along these lines:

    The function is there to escape HTML output. This mechanism provides an easy and effective way to make sure all dynamically-generated data is displayed safely in your HTML template.


    One exception to this rule is when a line of template code references the object. In those cases, output is written directly to the template, rather than being filtered through . This is so that content from helpers is not double-escaped. As such, the following two statements are equivalent:

    This is an important consideration when accessing properties and methods from the template renderer. If you intend to echo content directly from that does not come from a helper (this is not a common occurrence), you must manually escape it, like so:
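The following is an added example, not the framework's own code: a small Python reimplementation of the three behaviours described above (short tags auto-escaped, output referencing the template object passed through untouched so helper output is not double-escaped, and a manual escape for raw content from that object). It assumes the short-tag syntax `<?= expr ?>`, that the escaping function is named `$h`, that the template object is `$this`, and that an expression already wrapped in `$h(...)` is left alone by the tokenizer; the `link` helper, the `title` property and the sample data are constructed for the example.

```python
import html
import re

# Assumed syntax: short tags "<?= expr ?>", escape function $h, template object $this.
SHORT_TAG = re.compile(r"<\?=\s*(.*?)\s*;?\s*\?>", re.DOTALL)
ESCAPE_CALL = re.compile(r"^\$h\(\s*(.*)\s*\)$", re.DOTALL)
HELPER_CALL = re.compile(r"^\$this->(\w+)\(\s*(.*?)\s*\)$", re.DOTALL)
PROPERTY = re.compile(r"^\$this->(\w+)$")
STRING = re.compile(r"""^(['"])(.*)\1$""", re.DOTALL)
ECHO = re.compile(r"<\?php echo (.*?); \?>", re.DOTALL)


def h(value):
    """The escaping function: HTML-significant characters become entities."""
    return html.escape(str(value), quote=True)


def compile_template(source):
    """Tokenizer step: rewrite every short tag into an echo statement.

    An expression that references $this is echoed directly (helper output is
    taken to be escaped already); an explicit $h(...) call is left alone
    (assumption, so manual escaping is not doubled); anything else is wrapped
    in $h(...).
    """
    def rewrite(match):
        expr = match.group(1)
        if expr.startswith("$this") or ESCAPE_CALL.match(expr):
            return "<?php echo " + expr + "; ?>"
        return "<?php echo $h(" + expr + "); ?>"
    return SHORT_TAG.sub(rewrite, source)


def evaluate(expr, data, view):
    """Evaluate the tiny expression language used in the rewritten echoes."""
    if m := ESCAPE_CALL.match(expr):
        return h(evaluate(m.group(1), data, view))
    if m := HELPER_CALL.match(expr):
        name, arg = m.groups()
        args = [evaluate(arg, data, view)] if arg else []
        return view["helpers"][name](*args)
    if m := PROPERTY.match(expr):
        return view["properties"][m.group(1)]
    if m := STRING.match(expr):
        return m.group(2)
    if expr.startswith("$"):
        return data[expr[1:]]
    raise ValueError("unsupported expression: " + expr)


def render(source, data, view):
    """Compile the template, then execute each echo statement in order."""
    compiled = compile_template(source)
    return ECHO.sub(lambda m: str(evaluate(m.group(1), data, view)), compiled)


# Constructed sample input: untrusted data, a helper that escapes its own
# argument and returns finished HTML, and a raw property on the view object.
DATA = {"name": '<script>alert("xss")</script>'}
VIEW = {
    "helpers": {"link": lambda text: '<a href="/">' + h(text) + "</a>"},
    "properties": {"title": "Tom & <Jerry>"},
}


def demo():
    """Render one template exercising all three cases."""
    template = (
        "<p><?= $name ?></p>\n"             # auto-escaped
        "<?= $this->link($name) ?>\n"       # helper output, not double-escaped
        "<h1><?= $h($this->title) ?></h1>"  # raw property, escaped by hand
    )
    return render(template, DATA, VIEW)


if __name__ == "__main__":
    print(compile_template("<?= $name ?>"))
    print(demo())
```

Rendering `<?= $this->title ?>` with this code passes the property through unescaped, which is exactly the case the last paragraph warns about: anything read from the template object that a helper did not already escape must be wrapped in `$h()` explicitly.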