Using the apply tag causes double-escaping

Open kriswillis opened this issue 1 year ago • 2 comments

The following twig template:

{% set foo = "Something's not right" %}
<pre>
    {{- foo }}
    {%~ apply lower %}{{ foo }}{% endapply -%}
</pre>

…produces the following HTML output:

<pre>Something&#039;s not right
something&amp;#039;s not right</pre>

…which is rendered as:

Something's not right
something&#039;s not right

I'm currently working around this by using the raw filter within the apply tag:

{% set foo = "Something's not right" %}
<pre>
    {{- foo }}
    {%~ apply lower|raw %}{{ foo }}{% endapply -%}
</pre>

➜ symfony composer show | grep twig
symfony/twig-bridge                 v6.4.12 Provides integration for Twig with various Symfony components
symfony/twig-bundle                 v6.4.12 Provides a tight integration of Twig into the Symfony full-stack framework
twig/cssinliner-extra               v3.13.0 A Twig extension to allow inlining CSS
twig/extra-bundle                   v3.13.0 A Symfony bundle for extra Twig extensions
twig/inky-extra                     v3.13.0 A Twig extension for the inky email templating engine
twig/twig                           v3.14.0 Twig, the flexible, fast, and secure template language for PHP

kriswillis avatar Oct 08 '24 16:10 kriswillis

Playground

fabpot avatar Feb 08 '25 13:02 fabpot

The way it works currently is that the apply call is done after the evaluation of the content, so on the already escaped content. While some filters might be safe to apply on already escaped content (lower being one of them), this is generally not the case (upper is not for instance). From the core list of filters, I think (to be double checked) only lower and trim could be marked as safe.

So, I would say that this is a "won't fix" as explicitly using raw here makes sense as it allows to clearly signal the intention of the developer.

fabpot avatar Feb 09 '25 08:02 fabpot
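
The evaluation order described in the comment above can be modelled in plain PHP. This is an added example, not code from the thread or from Twig: `esc()` is an assumed stand-in for the HTML autoescaper, the PHP functions `strtolower`, `trim` and `strtoupper` stand in for the `lower`, `trim` and `upper` filters, and the sample strings are constructed.

```php
<?php
// Added illustration, not Twig source code. esc() is an assumption that
// stands in for the HTML autoescaper; the filters are plain PHP functions.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Order described in the thread: {{ foo }} is escaped while the body is
// evaluated, the filter runs on that escaped text, and the output of the
// apply block is escaped again unless it is marked raw.
function applyThenEscape(callable $filter, string $value): string
{
    return esc($filter(esc($value)));
}

// Same order with "|raw" appended: the second escaping pass is skipped.
function applyRaw(callable $filter, string $value): string
{
    return $filter(esc($value));
}

// A filter is safe on escaped content only if filtering the escaped text
// gives the same result as escaping the filtered text.
function commutesWithEscaping(callable $filter, array $samples): bool
{
    foreach ($samples as $s) {
        if ($filter(esc($s)) !== esc($filter($s))) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs.
$samples = ["Something's not right", ' Tom & "Jerry" ', '<b>Bold</b>'];

echo applyThenEscape('strtolower', $samples[0]), "\n";
echo applyRaw('strtolower', $samples[0]), "\n";

foreach (['strtolower', 'trim', 'strtoupper'] as $f) {
    $verdict = commutesWithEscaping($f, $samples) ? 'commutes' : 'does NOT commute';
    printf("%-10s %s with escaping\n", $f, $verdict);
}
```

The first two lines of output correspond to the double-escaped result from the issue and to the `|raw` workaround. The upper-case stand-in fails the check because it rewrites the entity names the escaper produced.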