I have a code <span>{{ trans('lang.color.' . $bet->color) }}</span></div> which displays the bet amount for a specific color.
My lang file:
'color' => [
'red' => 'red',
'zero' => 'green',
'black' => 'black',
],
Which is responsible for the fact that if the bet was placed on red, the site will say: set to red.
How can I correctly display HTML code in color variables? For example, if I write 'red' => '<div style="font-color:#FF0000">red</div>' the site does not convert the text to HTML, and writes the div with text. How to make read text file HTML?
My laravel version: 5.1.10.
Displaying Unescaped Data
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
{!! trans('lang.color.' . $bet->color) !!}
Note: Be very careful when echoing content that is supplied by users of your application. Always use the double curly brace syntax to escape any HTML entities in the content.
Related
I have the follow code in Blade using a ternary operator:
<td>{{isset($arrTemp[$ccc->id]) ? "<a hfet='".url('/cc/'.$cc->id)."'>".count($arrTemp[$cc->id])."</a>": 'N/A'}}</td>
If it finds something for the array key $cc->id, it should display the value with the link attached to it.
But the page is rendering <a hfet='http://my.test/cc/56526235'>4</a> the string itself.
What am I missing?
When you use {{ }} the output is automatically escaped to prevent XSS attacks. You can use {!! !!} instead, which will not escape the string.
Source: https://laravel.com/docs/5.4/blade#displaying-data
I can generate a basic link like so:
This is an [example link](http://example.com/).
I can generate a button with a dynamic link like so:
@component('mail::button', ['url' => \URL::to('/subscriptions/'.$recipient->id.'/'.$recipient->email.'?action=subscribe')])
Sign Me Up
@endcomponent
But how do I generate a dynamic link, not button?
I tried:
[Safe Unsubscribe]( url('/subscriptions/'.$recipient->id.'/'.$recipient->email.'?action=unsubscribe') )
and
[Safe Unsubscribe]( \URL::to('/subscriptions/'.$recipient->id.'/'.$recipient->email.'?action=unsubscribe') )
but these output in a literal way:
url('/subscriptions/'.%24recipient-%3Eid.'/'.%24recipient-%3Eemail.'?action=subscribe%27)
You are still in a blade template. So if you are not in a blade directive and you want to echo content, you have to use the curly brackets.
[Safe Unsubscribe]({{ url('/subscriptions/'.$recipient->id.'/'.$recipient->email.'?action=unsubscribe') }})
I am trying to sanitize Solr search results, because they have HTML tags inside:
ActionController::Base.helpers.sanitize( result_string )
It is easy to sanitize a non-highlighted string like: I know <ul><li>ruby</li> <li>rails</li></ul>.
But when the results are highlighted I have additional important tags inside - <em> and </em>:
I <em>know</em> <<em>ul</em>><<em>li</em>><em>ruby</em></<em>li</em>> <<em>li</em>><em>rails</em></<em>li</em>></<em>ul</em>>.
So, when I sanitize a string with nested HTML and highlighting tags, I get a string with pieces of HTML tags. And it is bad :)
How can I sanitize a highlighted string with <em> tags inside to get the correct result (a string with <em> tags only)?
I found the way, but it's slow and not pretty:
string = 'I <em>know</em> <<em>ul</em>><<em>li</em>><em>ruby</em></<em>li</em>> <<em>li</em>><em>rails</em></<em>li</em>></<em>ul</em>>'
['p', 'ul', 'li', 'ol', 'span', 'b', 'br'].each do |tag|
string.gsub!( "<<em>#{tag}</em>>", '' )
string.gsub!( "</<em>#{tag}</em>>", '' )
end
string = ActionController::Base.helpers.sanitize string, tags: %w(em)
How can I optimize it or do it using some better solution?
to write some regex and remove html_tags, but keep <em> and </em> e.g.
Please help, thanks.
You could call gsub! to discard all tags but keep only tags that are independent, or that are not included in html tag.
result_string.gsub!(/(<\/?[^e][^m]>)|(<<em>\w*<\/em>>)|(<\/<em>\w*<\/em>>)/, '')
would do the trick
To explain:
# first group (<\/?[^e][^m]>)
# find all html tags that are not <em> or </em>
# second group (<<em>\w*<\/em>>)
# find all opening tags that have <em> </em> inside of them like:
# <<em>li</em>> or <<em>ul</em>>
# third group (<\/<em>\w*<\/em>>)
# find all closing tags that have <em> </em> inside of them:
# </<em>li</em>> or </<em>ul</em>>
# and gsub replaces all of this with empty string
I think you can use sanitize:
Custom Use (only the mentioned tags and attributes are allowed, nothing else)
<%= sanitize @article.body, tags: %w(table tr td), attributes: %w(id class style) %>
So, something like that should work:
sanitize result_string, tags: %w(em)
With an additional parameter to sanitize, you can specify which tags are allowed.
In your example, try:
ActionController::Base.helpers.sanitize( result_string, tags: %w(em) )
It should do the trick
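An added example, not taken from any of the posts above: a standard-library Ruby version (no Rails) of the approach in this thread that removes tags of any length, with or without attributes, and then escapes whatever is left so that `<em>` and `</em>` are the only markup that survives. The names `sanitize_highlight`, `HIGHLIGHTED_TAG` and `PLAIN_TAG` are hypothetical, and `SAMPLE` is constructed from the string in the question.

```ruby
require 'cgi'

# Constructed from the question: Solr highlighting wrapped tag names in <em>.
SAMPLE = 'I <em>know</em> <<em>ul</em>><<em>li</em>><em>ruby</em></<em>li</em>> ' \
         '<<em>li</em>><em>rails</em></<em>li</em>></<em>ul</em>>.'

# A tag whose name was highlighted, e.g. <<em>ul</em>> or </<em>li</em>>.
HIGHLIGHTED_TAG = %r{</?<em>\w+</em>[^<>]*>}

# Any ordinary tag of any length, with or without attributes, except the
# bare markers <em> and </em>. <em onclick="..."> is matched and removed.
PLAIN_TAG = %r{</?(?!em>)[a-zA-Z][^<>]*>}

# Hypothetical helper: returns text in which <em>/</em> are the only markup.
def sanitize_highlight(raw)
  stripped = raw.gsub(HIGHLIGHTED_TAG, '').gsub(PLAIN_TAG, '')
  # Removing tags can splice new ones together (<scr<b>ipt> becomes <script>),
  # so escape everything that is left and restore only the exact markers.
  CGI.escapeHTML(stripped)
     .gsub('&lt;em&gt;', '<em>')
     .gsub('&lt;/em&gt;', '</em>')
end

puts sanitize_highlight(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Because the output is already escaped apart from the two markers, it would be rendered without a second round of escaping; an unbalanced `</em>` can remain when an attribute-carrying `<em ...>` opener was removed.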
So there must be a simple way around this... On my site there are multiple modals, depending on the page. I've created a modal template that these can all extend. However, the last modal I include on the page ends up 'taking over' the rest of them, and so all my modals end up with the same sections from that last include. How can I make it so that each extension is unique to the file from which it extends?
Example of what's happening:
//template.blade.php
<htmls and stuff>
@yield('section_1')
@yield('section_2')
</htmls and stuff>
//Modal 1
@extends('template')
@section('section_1')
Some words
@stop
@section('section_2')
More words
@stop
//Modal 2
@extends('template')
@section('section_1')
Rabbit
@stop
@section('section_2')
Stew
@stop
Instead of two unique modals being loaded, I end up with two modals full of Rabbit Stew.
Try using the @overwrite command instead of @endsection
Example:
@section('stuff')
Stuff goes here...
@overwrite
Source: https://github.com/laravel/framework/issues/1058#issuecomment-17194530
I personally would use includes in this instance, unless you've got markup in your sections. If it's just text you could do something like this:
//template.blade.php
<htmls and stuff>
{{ $section1 }}
{{ $section2 }}
</htmls and stuff>
//Modal 1
@include('template', ['section1' => 'Some words', 'section2' => 'More words'])
//Modal 2
@include('template', ['section1' => 'Rabbit', 'section2' => 'Stew'])
I had the same problem. I really wanted to use Blade templates too, but ended up using php includes, even with basic html markup.
//Modal 1
@include('layout.template', array(
'section1' =>
'<h1>Modal 1</h1><p><b>Some</b> words</p>',
'section2' =>
'<p>Some <u>words</u></p>'
))
//Modal 2
@include('layout.template', array(
'section1' =>
'<h1>Modal 2</h1><p><b>Some</b> words</p>',
'section2' =>
'<p>Some <u>words</u></p>'
))
The markup all works just fine, including links. Where I ran into trouble was when I wanted to use includes inside the include arrays, which I understand is not possible. That is why I wanted to use Blade Templates.
Trying to display a Smarty variable with a hyphen in the key. Nothing I can do to change the fact that it has a hyphen in the key.
For example, a phone number may be stored within the $form array as:
phone-1-1 => Array (9)
name => "phone-1-1"
value => "(555) 555-5555"
type => "text"
frozen => false
required => false
error => null
id => "phone-1-1"
label => "<label for="phone-1-1">Phone Number (..."
html => "<input maxlength="32" size="20" name=..."
Trying to print the smarty variable using:
{$form.phone-1-1.label}
fails because of the hyphens.
Any ideas how I get around that?
The only workaround you can use is:
{assign var="mykey" value="phone-1-1"}
{$form.$mykey.label}
The built-in Smarty function {assign} lets you create variables directly in the template.
http://www.smarty.net/docs/en/language.function.assign.tpl (for Smarty 3)
http://www.smarty.net/docsv2/en/language.custom.functions.tpl (for Smarty 2)