Level 75
CAUTION! CAUTION! CAUTION! CAUTION! CAUTION!
https://laravel.com/docs/5.5/blade#displaying-data
Be careful, you could get XSS attacks.
I use a package like html purifier, that makes it safe to deal with HTML and code in your views.
Apr 2, 2018
16
Level 1
HTML and PHP tags saved in DB, how to show it on blade?
Hi good day guys,
Would like to ask on how to show the html and php saved from db to a blade template?
e.g. db entry:
@php $world = 'Universe'; @endphp
<p>Hello {{$world}}</p>
blade template - $content->description contains the db entry:
<div>{{$content->description}}. Lorem ipsum... </div>
Level 1
Thanks for the info :) Do you have any idea how to make it work? Currently, code above is not working. Been trying some tweaks and changes but still no luck :(
Level 1
@serverus14 Please add the full code
Level 1
from db, tbl_plan.description
@php $world = 'Universe'; @endphp
<p>Hello {{$world}}.</p>
from index.blade.php (not sure how to implement it here)
<div>
{{$plan->description}}
Lorem ipsum...
</div>
expected output
<div>
<p>Hello Universe</p>
Lorem ipsum...
</div>
Level 3
You Can use Like this {!!$plan->description!!}
Level 1
Hi @V9द,
Tried that one
<div>
{!!$plan->description!!}
Lorem ipsum...
</div>
But the browser output is (php is not rendered)
<div>
@php $world = 'Universe'; @endphp
Hello {{$world}}.
Lorem ipsum...
</div
Level 3
Why you are storing php tags in database
Level 1
To manage the page, dynamically. Just like an email template with php tags :)
Level 3
@serverus14 I think this in not best approch. I suggest you first have look on the laravel documents and tutorials and than try it.
Level 1
Yes, it maybe not the best approach for this but we have come into a scenario like this and we're stuck :D Let's say I want to have a CRUD for an email template. PHP tags are present in the template. How am I gonna edit it?
Level 122
You are talking about 'php tags' but what you are showing is blade tag @php
You render the content raw with blade {!! data!!} but then it contains blade tags. It would need to pass through the render process for a second time for any blade tags in data to be processed.
You may be able to render the data before passing it to the view but I doubt this is within your level of ability
Level 1
Oh, my bad. hahaha It was supposed to be a native php tag in the db. But still I've been looking for some fix or alternative where php and html are both rendered in a blade template.
Level 122
Then use the raw output {!! <p>You can be hacked</p> !!}
Level 75
USE a safe plugin for this sort of thing. If it doesn't work in blade, then don't use blade.
Or take a chance getting hacked. But don't have a site with people's personal information that can be hacked so easily.
1 like
Level 1
You mad guys? Lol :P
Level 1
USE a safe plugin for this sort of thing. If it doesn't work in blade, then don't use blade.
Best answer for my simple not complicated question :P Thanks @jlrdw
Please or to participate in this conversation.