5 years ago

New blade tag for unescaped data. Thoughts?

Posted 5 years ago by BenSmith

I've been messing around with 4.3 for the past couple of days and today I did a composer update right in the middle of Taylor fixing/changing a load of stuff. Was causing me some errors so I decided to look at the recent changes and noticed this Tweak how Blade echo escaping works for more safety.

This change is in conjunction with making both {{ }} and {{{ }}} escape values by default. This means that {{ link_to_route('login_path') }} will no longer output the html to the page and you will instead have to use {!! link_to_route('login_path') !!} .

I'm for the change as it reduces the risk of code injection but I do think it will break a lot of existing code. Will this make the next version more likely to be 5.0 than 4.3?. I'm also worried that it will mean yet more delays to get full blade support for PHPStorm :)

What are your thoughts?

Please sign in or create an account to participate in this conversation.