From 60bb0f5801be8d5fe6428b21df1210755871bb89 Mon Sep 17 00:00:00 2001
From: Andreas Schempp <andreas.schempp@terminal42.ch>
Date: Mon, 18 May 2026 09:42:25 +0200
Subject: [PATCH] Allow Markup to be marked as safe for escaping

---
 src/Markup.php                 | 12 +++++++++++-
 src/Runtime/EscaperRuntime.php |  2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/Markup.php b/src/Markup.php
index a933b69d327..8186f4e0f0f 100644
--- a/src/Markup.php
+++ b/src/Markup.php
@@ -20,11 +20,16 @@ class Markup implements \Countable, \JsonSerializable, \Stringable
 {
     private $content;
     private ?string $charset;
+    private array $options;
 
-    public function __construct($content, $charset)
+    public function __construct($content, $charset, array $options = [])
     {
         $this->content = (string) $content;
         $this->charset = $charset;
+
+        $this->options = array_merge([
+            'is_safe' => null,
+        ], $options);
     }
 
     public function __toString(): string
@@ -37,6 +42,11 @@ public function getCharset(): string
         return $this->charset;
     }
 
+    public function getSafe(): array|null
+    {
+        return $this->options['is_safe'] ?? null;
+    }
+
     /**
      * @return int
      */
diff --git a/src/Runtime/EscaperRuntime.php b/src/Runtime/EscaperRuntime.php
index f4a7023c7a7..341f941f453 100644
--- a/src/Runtime/EscaperRuntime.php
+++ b/src/Runtime/EscaperRuntime.php
@@ -99,7 +99,7 @@ public function addSafeClass(string $class, array $strategies)
      */
     public function escape($string, string $strategy = 'html', ?string $charset = null, bool $autoescape = false)
     {
-        if ($autoescape && $string instanceof Markup) {
+        if ($autoescape && $string instanceof Markup && (null === $string->getSafe() || \in_array($strategy, $string->getSafe(), true))) {
             return $string;
         }