I'm making English-Spanish website so depending the language I have to give the user different strings. To do it I'm using Laravel's trans() function.
The problem is that in Blade the trans() outputs html entity encoded characters.
So for example when I put {{ trans('messages.title') }} which points to the string
'title' => 'Título' in the lang file, instead of Título I have Título.
But if I just have the string (or character) put directly in the file it is shown normally.
Is this normal in Laravel 5.2 that trans() function outputs htmlentity encoded string instead of normal UTF8 character?
If not any idea what I'm doing wrong?
If yes is it possible to output normal characters instead?
I have found out that when I use #lang() instead of {{ trans() }} it gives me the character.
So it looks like this is how it works.
But if there is anybody who knows and can confirm that this behavior is intentional and correct, that would be great.
Related
i've the following situation with Freemarker.
When returning to a page in .ftl i send from Java a parameter to the url, similar to "AAA% BBB#DDD.COM", in Java it is ok.
When looking at the Url it does instead Write : "AAA%25+BBB#DDD.COM" And then with the following code:
<#if myCase??>
value = ${user}
</#if>
It does write in my html field "AAA%" but not the remaining.
How can i try to solve this issue?
Thanks in advance.
EDIT: After further investigations i do see the code i put before does write this on the Html:
value="AAA%" BBB#CCC.com=""
EDIT2: Let'see if i can give you more informations, first of, here's the relevant Java code :
Map mapping = new HashMap();
if(user != null && !user.isEmpty()){
mapping.put("user",user); //EG: AAA% BBB#DDD.COM (Checked in debug)
}
I have an URL similar to : mysite.xx?user=AAA%25+BBB#DDD.COM so the user it's attached as query param of the url.
I do need to reuse the "user" param to repopulate the Form field relative to the username, this is not a valid email i know, but an alias system already installed by the customer does the aliasing system this way.
What could be the cause of the problem
Given your template:
<#if myCase??>
value = ${user}
</#if>
Output written by Freemarker in output-mode HTML results in following:
value = AAA% BBB#DDD.COM
Freemarker does not understand that (from your context) the value of user should be an attribute-value (assignment). Instead it treats the contents of string user as HTML itself (this could be complete HTML-source as input-field, single tags, etc.). It simply pastes the contents of the model at the position in your template where you have set the variable-interpolation ${user}.
The Freemarker-result is no valid HTML (attribute-value pair), because each attribute should adhere some naming-conventions (i.e. no special-characters). When the attribute has a value, it is followed by an equal-sign and this followed by the value enclosed in double-quotes.
So most browsers convert your result into a valid HTML attribute - actually two attributes: value="AAA%" and BBB#CCC.com="". Opened the output-HTML in Firefox, you will see this in Inspector (NOT IN the raw source-view):
<input type="text" value="AAA%" bbb#ddd.com="">
What is not the cause
FreeMarker is auto-escaping (escpecially when in OutputMode HTML) when it writes the final HTML.
#ddekany Thanks for your comment ! It made me reproduce and discover the real cause.
URL encoding/decoding
In Java you could even encode the string variable user. So it converts % (i.e. percent-sign followed by space) into %25+ which is valid to be used inside an URL.
Run this java snippet online on IDEONE to the effects of URL-encoding and URL-decoding.
Solutions
Use either of these solutions to get desired output by fixing the HTML-attribute value-assignment in your template:
(1) use double-quotes:
<#if myCase??>
value="${user}"
</#if>
(2) use some built-ins to transform the plain string-output:
Use some of FreeMarker's built-ins for strings. In your case you could append ?url to the variable-name and use double-quotes around your variable-interpolation within your template, e.g.:
<#if myCase??>
href="mailto:${user?url}"
</#if>
Caution: validate URL or email-address (even parts of it) as early as possible
BBB#DDD.COM is a valid email-address. But % and whitespaces are not allowed inside an email-address.
On the other side # is typically not part of an URL, except as part inside a query-param value. But your user (URL) does not start with http:// etc.
So depending on the use-case/purpose of your (so called URL) user with value AAA% BBB#DDD.COM it could finally represent part of an URL or email-address.
In your special case, said:
populate the form field relative to the username. Model-variable user does not contain a valid email-address. It is used in conjunction with an alias system already installed by the customer. So aliasing will work this way.
Let's suppose the end-user which does later edit the form-field is responsible of making it valid (or a script does this validation).
Anyway bear in mind that an internet-address (like URL/email) needs some validation:
either before written to the final HTML (using Java or Freemarker)
or after being further processed inside your web-page (using JavaScript).
Otherwise it could possibly not yield the desired effect.
See also
Related questions:
Is there any way to url decode variable on Freemarker?
Java URL encoding of query string parameters
At the moment, I have a field within my Laravel project that requires some form of encryption, so I use the available encryption through Laravel, and decrypt using the following in my blade:
{{\Crypt::decryptString($e->SCEIN)}}
But I was curious if there was a way for me to be able to show only the last 8 characters of this field after it has been decrypted. I can't seem to find much mention of it though I do know using substr would technically get me there, I am not sure how to use it on an encrypted field.
You can wrap the whole decrypt string inside the substr function and setting -8 in the second param will give you the last 8 characters.
{{ substr( \Crypt::decryptString($e->SCEIN), -8 ) }}
When I insert data I dont sanetize the text in any way, I just do small things suck as making the first leter capital and striping linebreaks when there are more than two in a row.
So if I now output the text using:
{{ $text }}
I am safe since this way laravel strips any dangerous data/tags to prevent xss. But the problem now is that I dont have any linebreaks in the text.
So now I tried this:
{!! nl2br(e($text))!!}
This seems to work, I keep my linebreaks and things like <script>alert('xss');</script> gets output as normal text. But is this the proper way to output text safe in laravel while keeping linebreaks?
Yes, that's the correct way to achieve this.
{{ $text }} is equivalent to {!! e($text) !!}.
I know how to print double curly braces in Laravel: #{{ }}.
But how can I print triple curly braces? My first thought of adding an # before does not work, Laravel still tries to interpret it.
Is there an easy way without encoding the braces to HTML entities?
Update
Very recently, a pull request was merged that fixes this problem!!
As of Laravel 5.1.7 it is possible to use the # sign as expected:
#{{{ ... }}}
Original Answer
The least ugly workaround I found up until now is to escape the first two brackets as normal and adding an invisible between them and the third bracket:
#{{{test}}}
I'll investigate further and update this answer if I find something better...
This is the easiest way. Use HTML entities to escape curly braces. Tested in Laravel 5.
See here for the list of HTML entities. HTML Entities
Code
{{{text}}}
Output
{{{text}}}
Use this if you just want to print them:
{{ '{{{' }}
One more way is as following
{#{{Text}}}
I ran into the same issue trying to render some raw HTML using Vue.js in laravel 4.2. For me the easiest solution was to just to use a simple php echo statement in the blade template:
<?php echo '{{{ text }}}'; ?>
Did the trick for me.
I get the name of a file from a notification between one pluggin and my cocoa application. My problem is that I am receiving the file name like this: "My+file+name.png" instead of "My file name.png" (with spaces). I don't know how to decode this parameter in order to get the correct file name.
Any ideas? Thanks
Assuming that this is encoded as for a URL query string, you'll want to replace any plus signs with spaces and unescape the percent escape sequences.
I solved it in the javascript code from my pluggin. I added this function:
function decode(str) {
return unescape(str.replace(/\+/g, " "));
}
I called before passing the parameters to my cocoa application.