# `autoescape`
Whether automatic escaping is enabled or not, you can mark a section of atemplate to be escaped or not by using the `autoescape` tag:
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20</pre></div></td><td class="code"><div class="highlight"><pre>{# The following syntax works as of Twig 1.8 -- see the note below for previous versions #}
{% autoescape %}
Everything will be automatically escaped in this block
using the HTML strategy
{% endautoescape %}
{% autoescape 'html' %}
Everything will be automatically escaped in this block
using the HTML strategy
{% endautoescape %}
{% autoescape 'js' %}
Everything will be automatically escaped in this block
using the js escaping strategy
{% endautoescape %}
{% autoescape false %}
Everything will be outputted as is in this block
{% endautoescape %}
</pre></div></td></tr></table>
Note
Before Twig 1.8, the syntax was different:
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13</pre></div></td><td class="code"><div class="highlight"><pre>{% autoescape true %}
Everything will be automatically escaped in this block
using the HTML strategy
{% endautoescape %}
{% autoescape false %}
Everything will be outputted as is in this block
{% endautoescape %}
{% autoescape true js %}
Everything will be automatically escaped in this block
using the js escaping strategy
{% endautoescape %}
</pre></div></td></tr></table>
When automatic escaping is enabled everything is escaped by default except forvalues explicitly marked as safe. Those can be marked in the template by usingthe [*raw*](#) filter:
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3</pre></div></td><td class="code"><div class="highlight"><pre>{% autoescape %}
{{ safe_value|raw }}
{% endautoescape %}
</pre></div></td></tr></table>
Functions returning template data (like [*macros*](#) and[*parent*](#)) always return safe markup.
Note
Twig is smart enough to not escape an already escaped value by the[*escape*](#) filter.
Note
Twig does not escape static expressions:
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3</pre></div></td><td class="code"><div class="highlight"><pre>{% set hello = "<strong>Hello</strong>" %}
{{ hello }}
{{ "<strong>world</strong>" }}
</pre></div></td></tr></table>
Will be rendered "<strong>Hello</strong> **world**".
Note
The chapter [*Twig for Developers*](#) gives more informationabout when and how automatic escaping is applied.
- Twig
- Introduction
- Installation
- Twig for Template Designers
- Twig for Developers
- Extending Twig
- Twig Internals
- Deprecated Features
- Recipes
- Coding Standards
- Tags
- autoescape
- block
- do
- embed
- extends
- filter
- flush
- for
- from
- if
- import
- include
- macro
- sandbox
- set
- spaceless
- use
- verbatim
- Filters
- abs
- batch
- capitalize
- convert_encoding
- date
- date_modify
- default
- escape
- first
- format
- join
- json_encode
- keys
- last
- length
- lower
- merge
- nl2br
- number_format
- raw
- replace
- reverse
- round
- slice
- sort
- split
- striptags
- title
- trim
- upper
- url_encode
- Functions
- attribute
- block
- constant
- cycle
- date
- dump
- include
- max
- min
- parent
- random
- range
- source
- template_from_string
- Tests
- constant
- defined
- divisible by
- empty
- even
- iterable
- null
- odd
- same as