I'm learning laravel (5.5) from a book.
I installed laravel collective, the book says, to link a css file write like this:
{{!! HTML::style('css/app.css') !!}} It works fine.
but in the output two empty {} braces appear (because they are not being used as part of the syntax). So, I removed them and it still works fine.
Question is which syntax is correct?
this {{!! HTML::style('css/app.css') !!}}
or {!! HTML::style('css/app.css') !!}
???
Out of the box Laravel tries to help you with security within your apps. When outputting data using the {{ $foo }} data, Laravel automatically calls the htmlspecialchars() method to prevent XSS attacks. In some cases you do want or need to output HTML, that's why Laravel created a separated syntax for that: {!! $foo !!}.
So to answer your question: {!! $foo !!} is the correct syntax.
Off topic:
If you'd like to not use the unescaped data syntax, you could write you're CSS linking like this:
<link rel="stylesheet" href="{{ asset('css/app.css') }}">
Related
In blade.php file, i used {!! $imageLink !!}
$imageLink is "mysite.com/my_image.png?version=1586505972".
But when i inspected elements, it become "mysite.com/my_image.png%3Fversion%3D1586505972"
Although the symbol ? not included in https://www.php.net/manual/en/function.htmlspecialchars.php
I found the reason
$imageLink is actually encoded before passing to blade, it's from return Storage::url($image);
I am trying to pass a variable from Blade to a Vue component prop. However, when I'm passing the variable, something goes wrong. The error which I receive is the following:
[Vue warn]: Error compiling template:
invalid expression: Invalid or unexpected token in
[{"id":6,"name":"aaa","created_at":"2019-12-05
Raw expression: :companies="[{"id":6,"name":"aaa","created_at":"2019-12-05"
153| <!-- Page Content -->
154|
155| <company_index :companies="[{"id":6,"name":"aaa","created_at":"2019-12-05" 14:35:38","updated_at":"2019-12-05="" 14:35:38"}]=""></company_index>
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
156| <!-- END Page Content -->
157| </main>
(found in <Root>)
As you can see, a random quote is added which is NOT present in the datetime itself (after 2019-12-05). It only gets added when passing it to the Vue component. Here is my code from my blade file:
#extends('layouts.backend')
#section('content')
<!-- Page Content -->
<company_index :companies={{json_encode($companies)}}></company_index>
<!-- END Page Content -->
#endsection
I've tried the following things:
Checked to see if the datetime somehow had an extra quote, this was not the case.
Checked if other Eloquent Models had the same problems, which they do (They also use standard datetimes from Laravel).
Remove json_encode from my blade file
Replaced :companies={{json_encode($companies)} with :companies={!! $companies !!}
Searched for people with the same problem, but did not find anything about this problem.
I don't think there is anything wrong with my code, but I don't know for sure what my problem is. If you need more details, just ask.
try adding double quote :companies="{{json_encode($companies)}}"
I want to call all my css and js files using UR::asset
but the problem is it returns this output "Method does not exist."
My code:
<link href="{{ URL::asset('public/css/style.css') }}">
You just need to use public_path() method for this.
i.e
public_path('css/style.css');
Here is laravel documentation link
Just make sure you don't have any typos in your code: URL::asset(). I would also suggest using the helper function asset() instead for brevity.
I'm new to laravel and I saw different types of declaration of forms in laravel.
So when to use regular(html) type :
<form></form>
When to use laravel type:
{{ Form::open()}}
and when this:
{!! Form::open()!!}
According to Laravel's blade documentation:
By default, Blade {{ }} statements are automatically sent through
PHP's htmlspecialchars function to prevent XSS attacks while {!! !!}
displays Unescaped characters.
Keep in mind, the Form syntax has been removed in Laravel 5, so to use it you will need to install a separated package by Laravel Collective.
As per laravel's collective documentation, the correct syntax would be using the unscaped characters:
{!! Form::open(['url' => 'foo/bar']) !!}
//
{!! Form::close() !!}
In Laravel 5 you should use:
{!! Form::open() !!}
Instead of:
{{ Form::open() }}
Laravel Collective Form will generate plain HTML form for you. It's just easier to build maintainable forms with Laravel Collective but if you don't want to use it for some reason, you can always build a form manually by using:
<form></form>
I use Laravel 5.1 and this captcha package: https://github.com/mewebstudio/captcha.
When using this: {{Captcha::img()}} in my blade.php it doesn't show me the captch image. It just prints me out the following html:
<img src="http://localhost/myproject/public/captcha/default?xyD4gHW2" alt="captcha">
Any ideas why? Thank you
do this:
{!! Captcha::img() !!}}
from the docs:
https://laravel.com/docs/5.2/blade
By default, Blade {{ }} statements are automatically sent through
PHP's htmlentities function to prevent XSS attacks. If you do not want
your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}. Note: Be very careful when echoing content that
is supplied by users of your application. Always use the double curly
brace syntax to escape any HTML entities in the content.