Level 37
I'm not sure if it will work, but you can try the new Blade::doubleEncode() method. This should escape all special characters and replace them with the html equivalents.
Ref.: https://laravel-news.com/blade-double-encoding-vue-components
Feb 20, 2018
9
Level 35
Escape string parameters for markdown emails?
Hi there,
I am sending some emails with the help of the markdown templates Laravel supplies by default. And I pass some variables to it. But because the content is parsed as markdown all parsedown characters like # __ * 1. > will be parsed too and can possibly mess up the email.
So the quesiton is. How should I handle this? I do not see any escape_markdown() or whatever method. And I can't seem to find a library that does this. I can play a little bit with str_replace(['#'],['\#'], $string); but I have a feeling there must be an easier way (read as: somebody already figured this out)
To give an example
template
# Heading 1
Some text here ... etc. etc. etc.
{{ $someVariable }}
If $someVariable starts with a # it will be rendered as a heading.
Level 2
Try the following to not escape strings
{!! $someVariable !!}
Level 35
@Borisu No sorry that is only used to escape HTML. @jdunsmore That does not change anything to the variable. But both thanks for your reply
What it should do is turn the string # Hello into \# Hello and that for all the markdown characters that can possibly mess up the styling. I think I will just write a simple str_replace() based on this: https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet
Level 2
Apologies, I only half read your question.
If you are using a set view for that page you could just have the # always there with the dynamic {{$variable}} next to it.
Depends on your setup though
Level 35
No let's imagine you add a variable to a markdown template:
# Here a title with some standard text
Here some paragraph with **bold** text here.
{{ $andHereAVariableThatShouldBeParsedAsNormalText }}
The variable is user input so it could contain any value which means it could also contain markdown bold characters like ** or a # at the beginning of the line which will than turn into a heading instead of a normal paragraph.
If you do not escape it it will turn into:
# Here a title with some standard text
Here some paragraph with **bold** text here.
# Here is the user input now that also has **bold** text when I do not want that.
While it should be parsed as:
# Here a title with some standard text
Here some paragraph with **bold** text here.
\# Here is the user input now that also has \*\*bold\*\* text when I do not want that.
Level 67
Sounds like you'd need to run it through str_replace() (or regex but I think str_replace() is cheaper) and manually replace all markdown variables.
public function escapeMarkdown($text)
{
$markdown = [
'#',
'*',
// ... rest of markdown entities
];
$replacements = [
'\#',
'\*',
// ... rest of corresponding escaped markdown
];
return str_replace($markdown, $replacements, $text);
}
I don't know if that's the best solution but should work?
1 like
Level 37
Maybe just prefix your expressions with a backslash:
// some blade template with markdown
\{{ $someString }}
...
This will evaluate correctly.
Level 67
You could also try the method described in this SO question, and that is to put it in an html tag. Supposedly markdown within html tags won't get parsed as markdown. I suppose it's really up to whatever markdown parser laravel is using but it should be a quick test. So maybe just put it in a <div>{{ $textWithMarkdown }}</div>?
Level 35
@Borisu that will only solve the situation when it really starts with a #. If it does not start with a # you will just see a slash. And it does not escape the characters in the rest of the text **text** somewhere in the variable will still be bold.
@Cronix yes the str_replace()was also my idea (and not that hard) but it felt like I was reinventing the wheel there.
*boom* your solution with wrapping it in a html tag works in the markdown emails.
1 like
Please or to participate in this conversation.