Unable to display raw html Data in blade file with substr function - php

I need to get first 100 characters from MySQL database. while displaying I can able to display all the characters using this
{!! $blog->description !!} code.
If I need to display 100 characters then it is not working
{!! substr($blog->description,0,200) !!}.
I tried using different ways
<?php $description = substr($blog->description,0,200) ?>
<p> {!! $description !!} </p>
I am not understanding what is wrong in my code.

this show html characters in your html but you cant substring that before rendering
you can use that code to delete special characters and substring
{{ substr(strip_tags($blog->description),0,200) }}

Related

How to show limited text and remove html tags in Larave blade?

I am new to laravel.
I am using {{ Str::limit($leave->leave_reasone, 50) }} to show limited Text And
{!! $leave->leave_reasone !!} to remove Html Tags. But
How can I apply Both in laravel blade?
you can use limit inside {!! !!}. both {{ }} and {!! !}} print variables inside them. the difference is {{ }} uses PHP's htmlspecialchars function to prevent XSS attacks while {!! !}} is used to print unescaped data.
{!! Str::limit($leave->leave_reasone, 50) !!}

Laravel not rendering html

I tried rendering html markup with content that I have from the database.
It's a bunch of text with a simple <a> tag.
this is how it's set in the database field. The database fieldtype is varchar(200)
and the collation is utf8_unicode_ci
This is the value of the field:
blablabla <a href="mailto:info#atmox.nl">info#atmox.nl</a> blablabla
I tried using only the {!! !!} blade syntax, but it would just render the markup as plain text. eventually I tried the html_entity_decode and htmlspecialchars_decode functions, but it's results are the same. plain text.
this is the html part
<p>{!! $baan->descriptiond !!}</p>
You really should be able to do this:
<p>{!! html_entity_decode($baan->descriptiond) !!}</p>
That is assuming $baan->descriptiond is something like:
<a href="mailto:info#atmox.nl">info#atmox.nl</a>
Try to render using htmlentities($baan->descriptiond), html_entity_decode($string) on your data and then use {{ $baan->descriptiond }} to render html.
OR
just use a plain laravel blade:
{{$baan->descriptiond}}
you need to do this way
{!! $text !!}
string will auto escape when you perform {{ }}
For laravel 5
{!!html_entity_decode($text)!!}

Rendering HTML from database table to view blade issue

I am having a problem by rendering some html stuff from a database table. I have a function that is calling and returning some html content from databse table, when i use {{ }} double curly braces it shows the content on page but as a plain text not rendered as html. After i try to use {!! !!} it does not show anything on page. i don't understand why and what's the solution in this case. My blade page contains the .blade extension as well.
Please advice.
$string = "<h1>Its H1 Tag</h1>";
{{ $string }}
Displaying Unescaped Data
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}.
if above not work then use below but not a good practice-
in your case you can use htmlentities($string), html_entity_decode($string) on your data and then use {{ $string }} to render html.
For Laravel Version 5.6.* or higher use single Curley Braces
$string = "<h1>Its H1 Tag</h1>;
{!! $string !!}
It can be displayed by the following code too if above code doesn't work.
#php
echo $string;
#endphp

Laravel laravelcollective/html textarea with unescaped html

I have a form made with the laravelcollective/html form package. Now I'd like to enter unescaped HTML Markup in a textarea:
<p>This is HTML-Markup text</p>
My form looks like this:
{!! Form::label('body', 'Body:') !!}
{!! Form::textarea('body' , null , ['class' => 'form-control']) !!}
I tried it with {{ }} but it still escapes the HTML in the textarea.
Also: Is there a way to limit the allowed HTML-Markups (probably with a regex) ? E.g. only <p>, <h1> and <div> and no <script>.
I'm using Laravel 5.2.
Thanks guys.
Try this {{!! !!}} for show result textarea
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
{!! $str!!}

Laravel 5 Form::model(...) escaped by default?

Maybe this is a simple thing that I'm missing, but in my laravel blade template I have something like:
{{ Form::model(....) }}
... my fields ...
{{ Form::close() }}
This results with escaped HTML so the form tag is actually printed to the screen. However, if I do:
{!! Form::model(....) !!}
... my fields ...
{!! Form::close() !!}
it works as expected. Do I always need to use the {!! ... !!} when outputting html? All the tutorials I've read up on just show using the normal convention of {{ Form::model(...) }} to open the form. Thanks for any advice! Using Laravel 5 fwiw.
That is correct.
Laravel 4
{{ ... }} for raw html
{{{ ... }}} for escaping with htmlentities()
Laravel 5
{!! ... !!} for raw html
{{{ ... }}} for explicitly escaped content
{{ ... }} for the default behavior (which is escaped as well)
If you don't like it you can change all 3 of those tags with these methods:
Blade::setRawTags($openTag, $closeTag);
Blade::setContentTags($openTag, $closeTag);
Blade::setEscapedContentTags($openTag, $closeTag);
To restore the way how Laravel 4 handled things, you can do this:
Blade::setRawTags('{{', '}}');
Blade::setEscapedContentTags('{{{', '}}}');
It used to be that {{ text }} was unescaped, and {{{ text }}} was escaped, but that changed with Laravel 5. Now, it's {{ text }} for escaped, and {!! text !!} for unescaped. So yes, you'll always need the latter for HTML in Laravel 5.
Most likely, all of the tutorials you've read are using the older version. I'll be the first to admit that this can be a tad confusing. Haven't quite gotten used to it myself yet. :)
For reference:
http://laravel.com/docs/5.0/templates - Laravel 5
http://laravel.com/docs/4.2/templates - Laravel 4
Laravel4.x:
{{{ text }}}:Content tags,
#{{ text }}: Raw tags,
{{ text }}: Escaped tags/Default.
Laravel5.x:
{{ text }}:Content tags,
#{{ text }}: Raw tags,
{!! text !!}: Escaped tags.
Blade is magic!

Categories