I use Laravel 5.1 and this captcha package: https://github.com/mewebstudio/captcha.
When using this: {{Captcha::img()}} in my blade.php it doesn't show me the captcha image. It just prints me out the following html:
<img src="http://localhost/myproject/public/captcha/default?xyD4gHW2" alt="captcha">
Any ideas why? Thank you
do this:
{!! Captcha::img() !!}
from the docs:
https://laravel.com/docs/5.2/blade
By default, Blade {{ }} statements are automatically sent through
PHP's htmlentities function to prevent XSS attacks. If you do not want
your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}.
Note: Be very careful when echoing content that
is supplied by users of your application. Always use the double curly
brace syntax to escape any HTML entities in the content.
In blade.php file, I used {!! $imageLink !!}
$imageLink is "mysite.com/my_image.png?version=1586505972".
But when I inspected elements, it became "mysite.com/my_image.png%3Fversion%3D1586505972"
Although the symbol ? is not included in https://www.php.net/manual/en/function.htmlspecialchars.php
I found the reason
$imageLink is actually encoded before passing to blade, it's from return Storage::url($image);
I'm learning laravel (5.5) from a book.
I installed laravel collective, the book says, to link a css file write like this:
{{!! HTML::style('css/app.css') !!}} It works fine.
but in the output two empty {} braces appear (because they are not being used as part of the syntax). So, I removed them and it still works fine.
Question is which syntax is correct?
this {{!! HTML::style('css/app.css') !!}}
or {!! HTML::style('css/app.css') !!}
???
Out of the box Laravel tries to help you with security within your apps. When outputting data using the {{ $foo }} data, Laravel automatically calls the htmlspecialchars() method to prevent XSS attacks. In some cases you do want or need to output HTML, that's why Laravel created a separate syntax for that: {!! $foo !!}.
So to answer your question: {!! $foo !!} is the correct syntax.
Off topic:
If you'd like to not use the unescaped data syntax, you could write your CSS linking like this:
<link rel="stylesheet" href="{{ asset('css/app.css') }}">
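The escaped and raw echo forms discussed in the answers above, as an added example that is not part of the original posts or of Laravel's own code. blade_escaped() and blade_raw() are hypothetical stand-ins for {{ }} and {!! !!}, the htmlspecialchars flags are an assumption approximating Laravel's escaping, and the sample values are constructed.

```php
<?php
// Added illustration, not Laravel source. blade_escaped() and blade_raw()
// are hypothetical stand-ins for what {{ }} and {!! !!} compile to.

// {{ $x }}: HTML-escape, then echo. Assumption: htmlspecialchars with
// ENT_QUOTES and UTF-8 approximates Laravel's escaping helper.
function blade_escaped($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// {!! $x !!}: echo the value untouched.
function blade_raw($value)
{
    return (string) $value;
}

// Constructed sample: markup built by trusted code (as Captcha::img() does).
$trustedTag = '<img src="/captcha/default?abc123" alt="captcha">';

// Constructed sample: a value a user controls, such as a profile field.
$userName = '"><script>alert(1)</script>';

// 1. Trusted markup through {{ }}: the tag arrives as visible text, which is
//    the symptom in the captcha question.
echo blade_escaped($trustedTag), PHP_EOL;

// 2. Trusted markup through {!! !!}: the browser receives a real element.
echo blade_raw($trustedTag), PHP_EOL;

// 3. User data concatenated into markup and echoed raw: the script tag
//    reaches the browser intact. This is the case the docs warn about.
echo blade_raw('<p>Hello, ' . $userName . '</p>'), PHP_EOL;

// 4. Escape the user-controlled part first, then raw-echo the composed
//    markup: the structure is kept and the user data stays inert text.
echo blade_raw('<p>Hello, ' . blade_escaped($userName) . '</p>'), PHP_EOL;
```

Case 4 is the pattern to follow whenever {!! !!} is unavoidable: every user-controlled fragment is escaped before it is joined to trusted markup.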
I want to display image of the logged in user using session in Laravel but I am getting an error. And I think it may be due to quotations.
This is my code:
<img src="{{URL::asset('img/'".{{Session::get('admin-pic')}}."'')}}" class="img-circle"/>
Error:
Parse error: syntax error, unexpected '".{{Session::get('admin-pic'))' (T_CONSTANT_ENCAPSED_STRING), expecting ',' or ')' (View: /opt/lampp/htdocs/laravel/blog/resources/views/admin-profile.blade.php)
You don't need to use {{}} inside another one, actually you can't:
<img src="{{URL::asset('img/'.Session::get('admin-pic'))}}" class="img-circle"/>
{{}} will be rendered to echo and you can't nest echo. Also, you can just use the asset() and session helpers. So, the correct syntax:
<img src="{{ asset('img/' . session('admin-pic')) }}" class="img-circle"/>
I'm new to laravel and I saw different types of declaration of forms in laravel.
So when to use regular(html) type :
<form></form>
When to use laravel type:
{{ Form::open()}}
and when this:
{!! Form::open()!!}
According to Laravel's blade documentation:
By default, Blade {{ }} statements are automatically sent through
PHP's htmlspecialchars function to prevent XSS attacks while {!! !!}
displays Unescaped characters.
Keep in mind, the Form syntax has been removed in Laravel 5, so to use it you will need to install a separate package by Laravel Collective.
As per Laravel Collective's documentation, the correct syntax would be using the unescaped characters:
{!! Form::open(['url' => 'foo/bar']) !!}
//
{!! Form::close() !!}
In Laravel 5 you should use:
{!! Form::open() !!}
Instead of:
{{ Form::open() }}
Laravel Collective Form will generate plain HTML form for you. It's just easier to build maintainable forms with Laravel Collective but if you don't want to use it for some reason, you can always build a form manually by using:
<form></form>
I'm using Laravel version 5.2.37. I have a simple HTML form in the blade view with the following line:
<input type="hidden" name="_token" id="token" value="{{ csrf_token() }}">
When I upload the code to client's shared hosting (Cpanel, PHP 5.5.36), without submitting the form, I hit the refresh and the csrf token value keeps changing.
However, on my local machine (MacOS/Apache2/5.6.16), the csrf token persists for at least 2 minutes (per config/session.php settings). Could it be the older 5.5.36 version of PHP that's causing this?
Try to define 'domain' in config/session.php to the right path. By default, it's set to null but on server, you should clear that.
Well, I finally figured it out. Stupid me made a custom helper with a function that looked something like this:
<?php
function doSomething($arg)
{
?><p>When this function is called,
display <b><?php echo $arg; ?> value.</b></p>
<?php
}
?>
You've probably seen a lot of functions written like this inside WordPress. Although it's not the artisan code, in most cases it will work fine, however Laravel will not tolerate this type of nonsense when dealing with helpers. So everything came back to normal after I wrote my function to return the string instead:
<?php
function doSomething($arg)
{
return '<p>When this function is invoked,
display <b>' . $arg . '</b> value.</p>';
}
?>
Moral of the story - don't write ugly code. Make sure your function returns and never directly echoes/prints strings, especially with helper functions.