Skip to content
Grav 2.0 is officially stable. Read the announcement →

Community guidelines

Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.

Log in Register
General

Site broken after upgrade to Grav 1.7 (most of the generated HTML inside double quotes)

Solved by maxime View solution

Started by maxime 5 years ago · 8 replies · 921 views
5 years ago

Since I upgraded my website to Grav 1.7, a lot of the HTML generated is surrounded by double quotes.

It looks like this:
<body id="top" class=" page_home"><link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" type="text/css" rel="stylesheet">
<link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" type="text/css" rel="stylesheet">
<link href="/grav-admin/user/themes/base/css/base.css" type="text/css" rel="stylesheet">
<link href="/grav-admin/user/themes/base/css/menu.css" type="text/css" rel="stylesheet">
....

This of course breaks all the website, so I did not update live.

I tried disabling the cache, all plugins, disabling CSS and JS pipelines, and a few settings in system.yaml. Nothing fixed it.

Any reason for that?

5 years ago

@mathmax, The code you are showing looks perfectly valid to me... ;-)

Did you perhaps mean to show the following?

TXT
<body id="top" class=" page_home">
  &lt;link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" type="text/css" rel="stylesheet"&gt;
  &lt;link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" type="text/css" rel="stylesheet"&gt;
  &lt;link href="/grav-admin/user/themes/base/css/base.css" type="text/css" rel="stylesheet"&gt;
  &lt;link href="/grav-admin/user/themes/base/css/menu.css" type="text/css" rel="stylesheet"&gt;
....

Question:

  • Did you search the forum for issues on upgrading to Grav 1.7?
  • Did you read the upgrade to Grav 1.7 documentation for breaking changes?
    Yes I agree, 1.7 should be named 2.0, because minor upgrades are generally considered to be non-breaking...
last edited 03/13/21 by pamtbaau
5 years ago Solution

Thank you for you reply. And sorry for the wrong copy paste.

I feel ashamed because I read that section before upgrading and remembered about the auto-escaping thing, but I thought that since I will do an automatic upgrade, it would not be an issue. The page says:

and if you are upgrading from a version prior to 1.7, we automatically enable Twig Compatibility setting in the system configuration to ensure your old Twig code will continue to function.

But this was not functioning despite I did the upgrade through the admin panel.

After that I made a manual installation, and the problem was the same. I even remembered about that attribute which I confirmed to be false.

After you indicated the page again, I checked the details in the twig section and found out that

YAML
strict_mode:
  twig_compat: true

should also be added. This solved the issue! Thanks a lot!

5 years ago

@mathmax , If you did an upgrade by Admin or $ bin/gpm selfupgrade it should fix the autoescape issue.

If it didn't, depending on how you did the upgrade, I would either file an issue on the repo of Admin plugin, or at Grav repo itself.

5 years ago

I am sure the upgrade by Admin did not fix the autoescape issue automatically.
I upgraded from the 1.6.28, not the latest version.. could this cause a problem?
I found also that the cache should be refreshed for the whole website otherwise some sections would still display HTML as code... maybe Grav should always force refresh the cache after the upgrade?
I could try run again the upgrade from the admin on a local copy..

Btw, the doc mentions that autoescaping is a security improvements, so instead of just disabling it for backward compatibility, I was wondering if there is something I should change in my code in order to implement it correctly.

5 years ago

@mathmax, Yes, it is a security measure and the best approach is to go through the theme's templates and add the |raw filter to outputs that can be trusted. Or ask the developer of the theme to make it 1.7 compatible.

See my answer to a similar topic.

Changes in config files should normally trigger a refresh of the cache. If templates change a manual refresh is required.

5 years ago

Ok. Pretty much all my {{}} in the template files will have a |raw filter. Does that make sense?
In that case, why the {{}} operator itself doesn't apply the filter automatically?

5 years ago

@mathmax,

Does that make sense?

No that does not make sense, because that will be the same as adding the 'compatibility' properties and defies the security measure...

In that case, why the {{}} operator itself doesn’t apply the filter automatically?

Maybe a misunderstanding:
Escaping prevents malicious code to be evaluated and is added to every {{}} when autoescape: true. Filter |raw overrides the escaping and tells Twig 'trust me, it's save'.

Only values that will break the site when escaped should get filter |raw applied. E.g.:

  • {{ page.content|raw }}
  • {{ assets.css()|raw }}
  • {{ assets.js()|raw }}

An escaped {{ page.title }} will not break the site.

Have a look the templates of Grav to get an idea.

last edited 03/15/21 by pamtbaau
5 years ago

Got it! Thank you for the explanation!

Suggested topics

Topic Participants Replies Views Activity
Well done Grav Team
General · by Jerry Hunt, 4 days ago
2 95 15 hours ago
Grav 2, Admin Next, API and Migrate are now in production!
General · by pamtbaau, 20 hours ago
1 61 19 hours ago
Welcome to the new Grav Forums!
General · by Andy Miller, 1 day ago
0 47 1 day ago
How active is Grav?
General · by Marcel, 12 months ago
6 356 5 days ago
Contents in bin folder delete itself during core updates
General · by Duc , 6 days ago
3 44 6 days ago