#Asking
Help me for my problem, when i built a website with Laravel
i am render my post with syntax like this :
<div>
<p>{!! $post->content !!}</p>
</div>
but i have problem, when i insert a i frame inside post, because the html has been removed with {!! !!}.
i have to try use {{ $post->content }}, but all content rendered with HTML
Any solution to this problem? ?
Thanks very much
With {!! you paste content "as is", in other words you become vulnerable to all types of issues like allowing <script> tags to be placed into your templates.
The {{ syntax will escape any HTML thus what you see is the actual html characters without actually parsing it (i.e. doing {{ '<b>bold</b>' }} will not result in a bold font but in the text <b>bold</b>).
Now with your problem: there are some cumbersome ways to filter out any html tags yourself and leave the <iframe>'s in there (something like {!! only_iframe($content) !!}), but it is quite difficult and will likely not result in a safe solution.
Your own answer which stated that you used {!!html_entity_decode($post->content)!!} simply means that your HTML was encoded to start with, which is not something I can deduct from your question. Note that you are now vulnerable to malicious code injection if you are not certain you can control the contents of $post->content.
Related
{!! Menu::render('admin-sidebar-menu', 'adminltecustom'); !!}
I am editing a laravel code and want to make canges in my sidebar. but i donot understand this line, and I cannot find the source of sidebar.
Anyone who can help me out what does it actually means. and how can I edit my sidebar of the project.
The blade Syntax {!! !!}
is used to used to print HTML as it is without escaping it.
Use it cautiously as it is used to avoid escaping data, and can be result in security failures if used incorrectly.
I am new to Vue js, Inertia and Laravel.
But I have gotten stuck and cannot figure out what the problem is even though I try searching google and looking at videos.
I have this code
<div v-for="(seed, index) in seeds" :key="index">
Id {{ seed.id }}
<inertia-link :href="'/fert/' + '{{ seed.id }}'">
Go to seed
</inertia-link>
</div>
And The first {{ seed.id }} outside of the links looks great, it shows the actual id.
However then {{ seed.id }} within the link formats, so the link shows this:
Id 1Go to seed
Why is it formatting inside the link but not outside? and how to I fix it?
Thanks in advance, and yes I am very noob. sorry
You shouldn't use curly braces in attribute's value.
Using :[attribute-name] already tells Vue that you gonna use some JS expressions in value
:href="'/fert/' + seed.id"
You shouldn't use curly braces within the link. A nicer way to concatenate vars with text is to use template literal ES6 with backticks
<inertia-link :href="`/fert/${seed.id}`">Go to seed</inertia-link>
I have laravel template.blade.php
<div class="classone">
<div class="classtwo">
text
</div>
<div class="classtwo">
text
</div>
</div>
And I would like to display the code to the user as it is. Incluing new line and indents.
I was playing around with {!! !!}, nl2br(view()->render() even Blade::compileString but was unable to find an elegant solution. Everytime I was able to make it work it was difficult to maintain and every small change to the displayed code was laber intense.
I would like to ask for a suggeston how to display more complex html/css/js code to user. I though it will be fairy often topic but was unable to find anything which would help me.
Thank you in advance.
I tried some things out. They may seem a little bit 'hacky' but I think they will suit your purpose. I used a freshly created Laravel 8 application as an example.
<pre>{{ file_get_contents( resource_path('views/welcome.blade.php')) }}</pre>
You can use the Blade facade to compile your blade file to plain php if you want:
<pre>{{ Blade::compileString(file_get_contents( resource_path('views/app.blade.php'))) }}</pre>
I put <pre></pre> tags around the output to show line breaks. It makes the code more readable.
I am going to use AngularJS along with Laravel, and I wanted to change Laravel tags to [[ ]] (which I think BTW is nicer since [ ] looks more like blade and is sharper :p )
Anyhow, I changed it with
Blade::setContentTags('[[', ']]'); // for variables and all things Blade
Blade::setEscapedContentTags('[[[', ']]]'); // for escaped data
How do I change the "Bracket Highlight" in Sublime now so that it still highlights my new tags??
Not directly answerting your question, but my solution to have Angular and Blade playing nice is very simple, I create a _partial every time I need some Angular and name this partial just '.php' and not '.blade.php', so if I have a form that uses Angular, I have:
{{ Form::open() }}
#include('_partials.posts.forms.create');
{{ Form::close() }}
In this case the included file would be views/_partials/posts/forms/create.php.
About Sublime, download Blade Syntax Highlighter, this file might give you a clue about how to change that for you:
https://github.com/Medalink/laravel-blade/blob/master/laravel-blade.tmLanguage
I know that you can change the default blade delimiter using
Blade::setEscapedContentTags('[[', ']]');
Blade::setContentTags('[[[', ']]]');
However I don't know where should I put it so that it only affect single blade template as opposed to putting it at app/start/global.php which affect whole application.
If you only want to use different tags for a single view, you can set the tags in the closure or controller action that will generate the view.
Route::get('/', function()
{
Blade::setEscapedContentTags('[[', ']]');
Blade::setContentTags('[[[', ']]]');
return View::make('home');
});
This could be an issue if you want to use the normal tags {{ and }} in an application layout but your custom ones in a nested view - I'm not sure what the best approach there would be.
The solution with Blade::setEscapedContentTags / Blade::setContentTags doesn't work in the latest versions of Laravel (checked at 5.6).
The recommended approach is (https://laravel.com/docs/5.6/blade#blade-and-javascript-frameworks):
Blade & JavaScript Frameworks
Since many JavaScript frameworks also use "curly" braces to indicate a
given expression should be displayed in the browser, you may use the #
symbol to inform the Blade rendering engine an expression should
remain untouched. For example:
Hello, #{{ name }}.
In this example, the #symbol will be removed by
Blade; however, {{ name }} expression will remain untouched by the
Blade engine, allowing it to instead be rendered by your JavaScript
framework.
The #verbatim Directive
If you are displaying JavaScript variables in
a large portion of your template, you may wrap the HTML in the
#verbatim directive so that you do not have to prefix each Blade echo
statement with an # symbol:
#verbatim
<div class="container">
Hello, {{ name }}.
</div>
#endverbatim
Simply use #verbatim directive.wrap your whole code in it and blade will just ignore all the curly braces.