Apostrophe incompatible with Symfony input escaping methods

[tboutell]

Apostrophe doesn't have an XSS problem, because we escape content ourselves in appropriate ways, but it is incompatible with Symfony's "escape all variables passed to templates" feature. We should address that by calling $sf_data->getRaw('variable') rather than accessing $variable in all cases where we need access to raw data in a template. We'll then be able to work with output escaping turned on in the demo, which we should switch to doing by default to demonstrate it's possible, decrease the risk we'll make XSS errors of our own in client sites and keep us aware of any issues that come up.

[boutell]

Too big a change to make at the last minute for 1.4, we'll do it systematically on an Apostrophe day for 1.5

[tboutell]

We can't skip this one again. It's a very very very valid reason not to use Apostrophe on a Symfony project with components from any other plugins, or simply following Symfony best practices

[tboutell]

I hit this in [1914]. I did it via a code generator, the results are looking really good so far, I'm tempted to apply it to 1.4 but I'll be good at least for now and leave it in the trunk only (which will become 1.5 before too long).

The same tool could be applied to the blog plugin but I think we need to clean up the trunk of the blog plugin first.