Auto escape

auto_escape — Overrides the compiler auto-escape setting within the block

Using function

auto_escape(mixed $enabled)

enabled: on, enable, true or 1 turns compiler auto-escaping on inside the block; off, disable, false or 0 turns it off.

The examples below show how the block is used in .tpl files, first with escaping left off and then with auto-escaping enabled:
Example #1 no escaping:
index.tpl

    {$user="<a href=\"javascript:jsAttack()\">EvilTroll</a>"}
    {$user}
    

The above example will output (interpreted as HTML by the browser):

<a href="javascript:jsAttack()">EvilTroll</a>

Example #2, enable auto escaping:
index.tpl

    {auto_escape on}
    {$user} {* here any injected html is escaped so it's safe *}
    {/auto_escape}
    

The above example will output (interpreted as text by the browser):

&lt;a href="javascript:jsAttack()"&gt;EvilTroll&lt;/a&gt;
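The following PHP script is an added example and not part of the Dwoo documentation. It renders the two templates above through the Dwoo 1.x API, adds a third template that shows the block overriding a compiler-wide setting, and runs a simple defender-side check that no raw tag characters survive escaping. It assumes the Dwoo 1.x autoloader sits at the placeholder path shown, and that Dwoo_Compiler::setAutoEscape() exists in your Dwoo version (it does in 1.2.x; verify for older releases).

```php
<?php
// Added example, not Dwoo's own code: exercise the auto_escape block from PHP.
// Assumptions: Dwoo 1.x autoloader at the placeholder path below, and a
// Dwoo_Compiler::setAutoEscape() method (present in Dwoo 1.2.x).
require_once '/path/to/dwoo/lib/dwooAutoload.php'; // placeholder path, adjust to your install

// Constructed attacker-style value, identical to the one in the docs example.
$data = array('user' => '<a href="javascript:jsAttack()">EvilTroll</a>');

$dwoo = new Dwoo();

// Example #1 from the docs: no escaping, the markup reaches the browser as HTML.
$raw = new Dwoo_Template_String('{$user}');

// Example #2 from the docs: the block enables escaping for every output inside it.
$blockEscaped = new Dwoo_Template_String('{auto_escape on}{$user}{/auto_escape}');

// Compiler-wide default that the block overrides: escaping is on globally,
// and {auto_escape off} switches it back off for one variable only.
$compiler = new Dwoo_Compiler();
$compiler->setAutoEscape(true);
$globalThenOff = new Dwoo_Template_String('{$user} | {auto_escape off}{$user}{/auto_escape}');

// Defender-side check: after escaping, no raw '<' or '>' may remain in the output.
function assertEscaped($label, $rendered)
{
    if (strpos($rendered, '<') !== false || strpos($rendered, '>') !== false) {
        fwrite(STDERR, "$label: unescaped markup reached the output\n");
        exit(1);
    }
    echo "$label: OK -> $rendered\n";
}

// Raw template: markup is intact, which is exactly the unsafe case from Example #1.
echo "raw:        " . $dwoo->get($raw, $data) . "\n";

// Block-escaped template: must pass the check.
assertEscaped('block', $dwoo->get($blockEscaped, $data));

// Global setting plus block override: left side escaped, right side raw again.
echo "global+off: " . $dwoo->get($globalThenOff, $data, $compiler) . "\n";
```

Run it from the command line with `php auto_escape_demo.php`; the script exits non-zero if the block-escaped output still contains tag characters, which makes it usable as a smoke test for templates that must never emit unescaped user data.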