I'm working on a Laravel 5 project and am using the Illuminate/Html form facades package to build forms the way they could be built in Laravel 4, with things like:
Form::text('email', null);
So on and so forth. However, my forms are being rendered to the page as HTML but in plain text. So I'm not getting fields, I'm getting the HTML for the fields printed to the page.
Anyone else have this issue and know what the fix is?
Hey @imJohnBon, that changed for laravel 5, now instead of doing {{}} to output raw data now by default is used {{!! !!}}.
{!! Form::text('email', null) !!}
There is a topic in the forum which explains this:
https://laracasts.com/discuss/channels/general-discussion/new-blade-tag-for-unescaped-data-thoughts
The tags for escaping vs not escaping output changed to help make Laravel apps more secure.
{!! Form::text('email', null) !!}
People were generally using {{ stuff }} when they should have been using {{{ stuff }}}. So now {{ stuff }} escapes the input like {{{ stuff }}} does.
Well dang, that's pretty important! Thanks for the heads up.
But why taylor has changed {{}} to {{!! !!}}, any thought?
@web.nirav I assume because at a glance it's very difficult to tell the difference between {{ }} and {{{ }}}, which is very bad when the difference between the 2 can be a secure application and an insecure application. At a glance it's easy to differentiate {{!! !!}} from {{{ }}} ensuring that nobody thinks output is escaped when it isn't.
The {{...}} for L4 was changed in {!!...!!} in L5 and {{{...}}} in L4 changed in {{...}} in L5. And please don't get confused it's not {{!!...!!}} but {!!...!!}.
@uxweb, @web-chiru, @citricsquid and anyone else reading this, it is not {{!! ... !!}} but just a single brace either side like so: {!! ... !!}.
Please update your answer above so others who visit the page don't copy and paste, thus not getting the desired outcome.
Thanks @mstnorris, that was a typo, answer updated!
Please or to participate in this conversation.