Jump to content


Each template bit can have variables passed into it by the backed PHP code, and these variables can be used by the template bit to control the display. Consult either the template editor or designer's mode guides (depending on your preference) to find out how to determine which variables are available to a template.

As well as these local variables, you can access the various objects created by the IPS4 PHP framework.


Variables are escaped

It's important to note that by default, all variable values are HTML-escaped when you output them in templates. This is for security, and ensures you don't inadvertently output some malicious HTML that is then processed by the browser and displayed. If a variable $value contained:


Then outputting it in a template like so:

Here's the variable value: {$value}

Would actually send:

Here's the variable value: &lt;strong&gt;Example&lt;/strong&gt;

This is safe for the browser to display.

Bypassing this protection

Of course, in some situations, you want the raw HTML to be output, and not escaped. To do so, you can use the raw modifier on the variable:

Here's the variable value: {$value|raw}

Using this modifier on untrusted content is a security risk. You should not output raw user-supplied HTML unless it has been properly sanitized and you are certain it is safe. Content that comes from IPS4's rich text editor is safe to output with this modifier.


  Report Guide

  • Create New...