``autoescape``
==============

Whether automatic escaping is enabled or not, you can mark a section of a
template to be escaped or not by using the ``autoescape`` tag:

.. code-block:: jinja

    {% autoescape %}
        Everything will be automatically escaped in this block
        using the HTML strategy
    {% endautoescape %}

    {% autoescape 'html' %}
        Everything will be automatically escaped in this block
        using the HTML strategy
    {% endautoescape %}

    {% autoescape 'js' %}
        Everything will be automatically escaped in this block
        using the js escaping strategy
    {% endautoescape %}

    {% autoescape false %}
        Everything will be outputted as is in this block
    {% endautoescape %}

.. note::

    Before Twig 1.8, the syntax was different:

    .. code-block:: jinja

        {% autoescape true %}
            Everything will be automatically escaped in this block
            using the HTML strategy
        {% endautoescape %}

        {% autoescape false %}
            Everything will be outputted as is in this block
        {% endautoescape %}

        {% autoescape true js %}
            Everything will be automatically escaped in this block
            using the js escaping strategy
        {% endautoescape %}

When automatic escaping is enabled, everything is escaped by default except for
values explicitly marked as safe. Those can be marked in the template by using
the :doc:`raw<../filters/raw>` filter:

.. code-block:: jinja

    {% autoescape %}
        {{ safe_value|raw }}
    {% endautoescape %}

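The strategies and the ``raw`` filter described above, combined in one template as an added example that is not part of the original Twig documentation. The variable names are assumptions: ``display_name`` and ``bio`` stand for untrusted user input, ``help_html`` for markup generated by the application itself.

```twig
{# Added example. Assumed variables (not from the Twig docs):
   display_name, bio -> untrusted user input
   help_html         -> markup produced by the application #}

{# --- Strategy matched to the output context --- #}
{% autoescape 'html' %}
    <h1>Profile of {{ display_name }}</h1>
    <p>{{ bio }}</p>

    {# raw switches escaping off for this single expression,
       so it is reserved for markup the application built itself #}
    <aside>{{ help_html|raw }}</aside>
{% endautoescape %}

<script>
{% autoescape 'js' %}
    {# Inside a JavaScript string literal the js strategy applies #}
    var displayName = "{{ display_name }}";
{% endautoescape %}
</script>

{# --- Patterns to flag in template review --- #}

{# 1. Escaping disabled around untrusted data: bio is written as is #}
{% autoescape false %}
    <p>{{ bio }}</p>
{% endautoescape %}

{% autoescape 'html' %}
    {# 2. raw on untrusted data: same effect as 1, for one expression #}
    <p>{{ bio|raw }}</p>

    {# 3. html strategy in a JavaScript context: HTML escaping leaves
          characters such as backslash and newline untouched, so the
          string literal is not protected by it #}
    <script>var displayName = "{{ display_name }}";</script>
{% endautoescape %}
```
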
Functions returning template data (like :doc:`macros<macro>` and
:doc:`parent<../functions/parent>`) always return safe markup.

.. note::

    Twig is smart enough not to escape a value that has already been escaped
    by the :doc:`escape<../filters/escape>` filter.

.. note::

    Twig does not escape static expressions:

    .. code-block:: jinja

        {% set hello = "<strong>Hello</strong>" %}
        {{ hello }}
        {{ "<strong>world</strong>" }}

    This will be rendered as "<strong>Hello</strong> **world**": the variable
    ``hello`` is escaped, while the literal string is output as is.

.. note::

    The chapter :doc:`Twig for Developers<../api>` gives more information
    about when and how automatic escaping is applied.
