Laravel and Blade - how to write a variable inside quotes? - laravel

I am trying to produce something like
id="checkout-button-{someid}"
For instance
id="checkout-button-jjn5jghj5"
I thought this would be done through unescaped strings doing this
id={!! "checkout-button-$item->id" !!}
But this is not producing the variable in the string.
What is proper way to do this in blade views?
thanks

Blade is going to
Look for the opening {{
Capture everything before the closing }}, and then
Evaluate the expression and use that value to replace the entire {{ ... }} string
In your case, the only thing you need Blade for is getting the id. So your statement should look like this:
id="checkout-button-{{ $item->id }}"

Related

Laravel safe way to output text with line breaks

When I insert data I dont sanetize the text in any way, I just do small things suck as making the first leter capital and striping linebreaks when there are more than two in a row.
So if I now output the text using:
{{ $text }}
I am safe since this way laravel strips any dangerous data/tags to prevent xss. But the problem now is that I dont have any linebreaks in the text.
So now I tried this:
{!! nl2br(e($text))!!}
This seems to work, I keep my linebreaks and things like <script>alert('xss');</script> gets output as normal text. But is this the proper way to output text safe in laravel while keeping linebreaks?
Yes, that's the correct way to achieve this.
{{ $text }} is equivalent to {!! e($text) !!}.

Laravel 5.2 trans() gives me htmlentity encoded strings instead of characters

I'm making English-Spanish website so depending the language I have to give the user different strings. To do it I'm using Laravel's trans() function.
The problem is that in Blade the trans() outputs html entity encoded characters.
So for example when I put {{ trans('messages.title') }} which points to the string
'title' => 'Título' in the lang file, instead of Título I have Título.
But if I just have the string (or character) put directly in the file it is shown normally.
Is this normal in Laravel 5.2 that trans() function outputs htmlentity encoded string instead of normal UTF8 character?
If not any idea what I'm doing wrong?
If yes is it possible to output normal characters instead?
I have found out that when I use #lang() instead of {{ trans() }} it gives me the character.
So it looks like this is how it works.
But if there is anybody who knows and can confirm that this behavior is intentional and correct, that would be great.

why laravel 4 operator show weird output in laravel 5?

I know that {{ }} is laravel 4 operator but what if i use this in laravel 5.
I am trying it in laravel5 , it works but show some weird output
so should i use this operator or not in laravel 5???
The blade syntax in Laravel 4.x was as follows
{{ $variable }} to output a variable without escaping the contents.
{{{ $variable }}} to output a variable whilst escaping the contents.
In Laravel 5.x this was changed to
{!! $variable !!} to output a variable without escaping the contents.
{{ $variable }} to output a variable whilst escaping the contents.
The reason you're seeing "weird" output is because the content which previously wasn't being escaped now is. What you're seeing is HTML entities and such being converted.
In order to get the expected output you'll need to change your blade templates to use {!! $variable !!} where appropriate.
If you don't want to go through all of the blade templates to make the change you can do the following
Add the following lines at the bottom of AppServiceProvider#register:
\Blade::setRawTags('{{', '}}');
\Blade::setContentTags('{{{', '}}}');
\Blade::setEscapedContentTags('{{{', '}}}');
This should not be done lightly, and may make your application more vulnerable to XSS exploits. Also, comments with {{-- will no longer work.
These changes are documented in the Upgrade guide under the heading Blade Tag Changes.
The brackets are from blade, a template engine included in laravel 4 and 5.
It helps you to write easy code by converting a <your name>.blade.php into a full php file.
Hello, {{ $name }}.
will be converted to
Hello, <?php echo $name ?>
Remember the brackets will use htmlspecialchars so when you want to print a html element you need
{!! $myElement !!}

Blade engine: print triple curly braces

I know how to print double curly braces in Laravel: #{{ }}.
But how can I print triple curly braces? My first thought of adding an # before does not work, Laravel still tries to interpret it.
Is there an easy way without encoding the braces to HTML entities?
Update
Very recently, a pull request was merged that fixes this problem!!
As of Laravel 5.1.7 it is possible to use the # sign as expected:
#{{{ ... }}}
Original Answer
The least ugly workaround I found up until now is to escape the first two brackets as normal and adding an invisible between them and the third bracket:
#{{‌{test}}}
I'll investigate further and update this answer if I find something better...
This is the easiest way. Use HTML entities to escape curly braces. Tested in Laravel 5.
See here for the list of HTML entities. HTML Entities
Code
{{{text}}}
Output
{{{text}}}
Use this if you just want to print them:
{{ '{{{' }}
One more way is as following
{#{{Text}}}
I ran into the same issue trying to render some raw HTML using Vue.js in laravel 4.2. For me the easiest solution was to just to use a simple php echo statement in the blade template:
<?php echo '{{{ text }}}'; ?>
Did the trick for me.

Handlebars triple stache inside of a double stache

I have registered a handlebars helper by the name of "t" that will translate a string. I have a Handlebars template which uses the value of a variable that will be a word:
{{{word}}}
I would like to translate the value of that variable using my helper, but cannot do
{{t "{{{word}}}" }} or {{t {{{word}}} }}
I am inexperienced with Handlebars and am wondering - What is the simplest way to achieve this?
{{t word}}
Simply pass the reference into your helper without brackets.
You only need brackets for outputting the value of the reference to the page:
Handlebars HTML-escapes values returned by a {{expression}}. If you
don't want Handlebars to escape a value, use the "triple-stash", {{{.
UPDATE:
If you need to perform some kind of operation (such as escaping HTML) on the value of word, you can make a second helper and pass that into your first helper using ( parentheses ):
{{t (myOtherHelper word)}}

Resources