The only difference is the behavior of auto escaping in twig

Imagine you have a var variable containing: <div>I'm happy</div>.

On index.twig, {{ var }} will render <div>I'm happy</div>.

On index.html.twig, {{ var }} will render &lt;div&gt;I&#039;m happy&lt;div&gt;

On index.js.twig, {{ var }} will render \x3Cdiv\x3EI\x27m\x20happy\x3Cdiv\x3E

And so on.

Always use the right extension to avoid any XSS vulnerability, and
always use |raw wisely because it overlaps this extension’s implicit protection.

Posted in php

Leave a Reply

Your email address will not be published.