Channel: Issues for Drupal core
twig escape filter on stringable objects results in fatal error

Problem/Motivation

See the original issue here: https://www.drupal.org/project/drupal/issues/3457168

`twig_escape_filter()` usage has been converted into `$env->getRuntime(EscaperRuntime::class)->escape()` in `core/lib/Drupal/Core/Template/TwigExtension.php` because of a code deprecation.

But this fix introduces an issue where the wrong type can be sent to the escape method. Check this commit: https://git.drupalcode.org/project/drupal/-/commit/eaa7072469e5c3cbe2b87...

We can see that the `$return` argument sent to `twig_escape_filter()` has been wrongly replaced with `$arg`, and we are missing the string conversions performed several lines above.

Steps to reproduce

Take any stringable object variable in a Twig template and apply any escape filter to it (except 'html'); the website ends up with a BSOD and this error (depending on which object you try to escape):

The website encountered an unexpected error. Try again later.

Error: Object of class Drupal\Core\Url could not be converted to string in Twig\Template->display() (line 350 of /app/vendor/twig/twig/src/Template.php).
Twig\Template->render(Array) (Line: 35)
Twig\TemplateWrapper->render(Array) (Line: 33)

Twig Example:

<a href="{{ any_drupal_url_object|e('html_attr') }}">test</a>

Proposed resolution

Use

`return $env->getRuntime(EscaperRuntime::class)->escape($return, $strategy, $charset, $autoescape);`

instead of

`return $env->getRuntime(EscaperRuntime::class)->escape($arg, $strategy, $charset, $autoescape);`

in `app/core/lib/Drupal/Core/Template/TwigExtension.php`.
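
The `$arg` versus `$return` mix-up, reduced to a stand-alone PHP 8 sketch. This is an added example, not Drupal or Twig code: `FakeUrl`, `escape_value()` and `escape_filter()` are hypothetical stand-ins, and the pass-through of non-strings in `escape_value()` is an assumption chosen to match the report, where the error is raised at display time.

```php
<?php
// Hypothetical stand-in for an object such as Drupal\Core\Url: it exposes
// toString() but no __toString(), so PHP cannot cast it implicitly.
final class FakeUrl {
  public function __construct(private string $uri) {}
  public function toString(): string { return $this->uri; }
}

// Simplified stand-in for the escaper (assumption, not Twig's code): strings
// are escaped, a value it cannot treat as a string is passed through as-is.
function escape_value(mixed $value, string $strategy): mixed {
  if (!is_string($value)) {
    return $value;
  }
  return match ($strategy) {
    'html', 'html_attr' => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    'url' => rawurlencode($value),
    default => throw new InvalidArgumentException("Unknown strategy: $strategy"),
  };
}

// Sketch of the filter: $return holds the string conversion of $arg.
function escape_filter(mixed $arg, string $strategy, bool $fixed): mixed {
  $return = NULL;
  if (is_scalar($arg) || (is_object($arg) && method_exists($arg, '__toString'))) {
    $return = (string) $arg;
  }
  elseif (is_object($arg) && method_exists($arg, 'toString')) {
    $return = $arg->toString();
  }
  // Reported regression forwards $arg; the proposed resolution forwards $return.
  return escape_value($fixed ? $return : $arg, $strategy);
}

$url = new FakeUrl('/node/1?x="><b>');  // constructed sample input

$fixed = escape_filter($url, 'html_attr', true);
var_dump(is_string($fixed));            // the converted string was escaped
echo $fixed, PHP_EOL;

$buggy = escape_filter($url, 'html_attr', false);
var_dump($buggy instanceof FakeUrl);    // the object came back unescaped
try {
  echo $buggy;                          // what rendering the template does
} catch (Error $e) {
  echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```

A regression test for the real filter can follow the same shape: render a template that applies `e('html_attr')` to an object exposing only `toString()` and assert that the output is an escaped string.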
