Output Text Formatted and Secure in Laravel - php

I'd like to output text ($post->content) to the user including line breaks and URLs.
If I use {{ $post->content }}, line breaks won't be displayed and a
converted URL looks like this <a href="www.google.com'>www.google.com</a> in the output.
If I use {!! $post->content !!}, line breaks and URLs are displayed correctly, but this would be an actual security risk because a user could enter HTML or other code.
What would be the best way to handle my problem?
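One way to get both line breaks and clickable links without ever trusting stored HTML, as an added example that is not from the question or from Laravel itself: keep the column as plain text, escape every fragment, and let only this code generate tags. The function and sample names are my own.

```php
<?php
// Added example: escape first, then format, so user text never reaches the page as markup.
declare(strict_types=1);

/**
 * Turns untrusted plain text into HTML that is safe to print with {!! !!}:
 * every fragment goes through htmlspecialchars() (what Blade's {{ }} does),
 * the only <a> tags are built here, and newlines become <br> tags.
 */
function renderUserText(string $text): string
{
    // Split on http(s) URLs and keep them as delimiters; odd indices are the URLs.
    // Requiring an explicit http/https scheme rules out javascript: and data: links.
    $parts = preg_split('~(https?://[^\s<>"\']+)~i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        // Keep trailing sentence punctuation out of the link target.
        $url  = rtrim($part, '.,;:!?)');
        $tail = substr($part, strlen($url));
        $isUrl = ($i % 2 === 1) && filter_var($url, FILTER_VALIDATE_URL) !== false;
        if (!$isUrl) {
            $html .= htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            continue;
        }
        $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<a href="' . $safe . '" rel="nofollow noopener noreferrer">' . $safe . '</a>'
               . htmlspecialchars($tail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return nl2br($html, false);
}

// Constructed sample: a script tag, an attribute break-out attempt and a real link.
$sample = "Hi <script>alert(1)</script>\nSee https://example.com/?a=1&b=2.\n\"onmouseover=\"x";
echo renderUserText($sample), PHP_EOL;
```

In a Blade view the result is printed with `{!! renderUserText($post->content) !!}`; the raw `$post->content` itself never goes through `{!! !!}`.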

Related

How to display ckeditor 5 data

I am trying to display data of CK editor 5 in frontend like this
The image you provided looks like unparsed markdown. In order to convert this into the correct HTML, you'll need to run it through a markdown parser first. In Laravel, you can actually use the built-in parser Laravel uses for emails. In your view, simply wrap the output with Illuminate\Mail\Markdown::parse(). For example, if you are currently using {{ $post->content }}, then you can replace it with:
{!! Illuminate\Mail\Markdown::parse($post->content) !!}
The {!! is to prevent blade from escaping the resulting HTML.

Rendering HTML from database table to view blade issue

I am having a problem rendering some HTML from a database table. I have a function that is calling and returning some HTML content from a database table. When I use {{ }} double curly braces it shows the content on the page, but as plain text, not rendered as HTML. After I try to use {!! !!} it does not show anything on the page. I don't understand why and what the solution is in this case. My blade page has the .blade extension as well.
Please advise.
$string = "<h1>Its H1 Tag</h1>";
{{ $string }}
Displaying Unescaped Data
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}.
If the above does not work then use the following, though it is not good practice:
in your case you can use htmlentities($string) and html_entity_decode($string) on your data and then use {{ $string }} to render the HTML.
For Laravel version 5.6.* or higher use single curly braces
$string = "<h1>Its H1 Tag</h1>";
{!! $string !!}
It can be displayed by the following code too if the above code doesn't work.
@php
echo $string;
@endphp

HTML source code being printed as raw data from database

I save html in my database and when I recover this html in my view I see it like text in my browser and not html tags.
Example :
I save "<div><h1>Hello</h1></div>"
But when I echo it, the browser prints the tags as raw data, and not as HTML markup.
I guess you echo it like {{$string}}.
This works the same as the e() function (PHP: htmlentities).
In order to echo HTML in Laravel Blade, echo it like this: {!! $string !!} to pass the HTML through untouched.
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}
I've found what I want! Just use htmlspecialchars_decode() and it works!

Laravel 5 Pagination CSS Breaking

I'm using Laravel 5 and Bootstrap 3.3.4
So I have the following code in my controller:
$articles = Newsarticles::paginate(10);
return view('news', compact('articles'));
Then in my view I have:
@foreach($articles as $article)
<article>
<h2>
{!! $article->headline !!}
</h2>
<div class="body">
{!! substr($article->article,0,500) !!}
</div>
</article>
@endforeach
{!! $articles->render() !!}
When I run this, the pagination links at the bottom of the page come out just fine and look as they should do. However, if I change the controller to :
$articles = Newsarticles::orderBy('artdate','DESC')->paginate(10);
my pagination links come out like this:
«
1
2
3
4
5
6
»
How can one small adjustment in the code break the css?
Hadn't escaped tags and an open HTML tag was killing off the CSS. Thanks to @minioz for pointing it out.
From my comment above.
The problem was the broken HTML tag. It is because of using substr() at this line:
{!! substr($article->article,0,500) !!}
The function will cut out part of $article->article and leave some tags open.
To solve the problem you need to remove the tags before doing substr():
{!! substr(strip_tags($article->article),0,500) !!}
With substr($article->article,0,500) you may break the HTML code.
You can also have a different number of visible chars:
<p>hello</p>
12 chars
<strong>hello</strong>
21 chars.
And take care of this:
echo substr('<p>hello</p>', 0, 5);
Writes: "he". Breaks the HTML result.
Try with
substr(strip_tags($article->article),0,500)
to strip all HTML tags before cutting the string. This will not break your current HTML and you will get the correct char length.
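The breakage described in the two answers above, shown with a plain PHP helper (an added example, not code from the answers; the function names are mine): substr() on stored HTML can stop inside a tag, while stripping tags first and counting visible characters gives a plain-text excerpt that Blade's {{ }} escapes as usual.

```php
<?php
// Added example: excerpting stored HTML without leaving tags open.
declare(strict_types=1);

/** What the original view did: a byte-based cut that can stop in the middle of a tag. */
function brokenExcerpt(string $html, int $length): string
{
    return substr($html, 0, $length);
}

/**
 * Returns plain text, never markup: tags are removed, entities decoded so the
 * length counts visible characters, whitespace collapsed, then the text is cut
 * on a character (not byte) boundary. Print it with {{ }} so Blade escapes it.
 */
function safeExcerpt(string $html, int $length): string
{
    $text = html_entity_decode(strip_tags($html), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $text = trim((string) preg_replace('/\s+/u', ' ', $text));
    if (mb_strlen($text, 'UTF-8') > $length) {
        $text = rtrim(mb_substr($text, 0, $length, 'UTF-8')) . '...';
    }
    return $text;
}

// Constructed sample article body, as it might be stored in the database.
$article = '<p>The <strong>quick</strong> brown fox &amp; friends jump over the lazy dog.</p>';

// With length 23 the cut lands inside "</strong>", so <strong> and <p> are never closed;
// printed with {!! !!}, the rest of the page (pagination included) ends up inside them.
echo brokenExcerpt($article, 23), PHP_EOL;

// Plain text of at most 23 visible characters; escape it for output as {{ }} would.
echo htmlspecialchars(safeExcerpt($article, 23), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```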
Not enough information to answer -- but the three big possibilities are
Somehow you're rendering different HTML in each example
Other CSS you have on the page isn't bullet-proof, and it's creating different container wraps based on headline and content length
There's HTML content in $article->article, $article->slug, or $article->headline with unclosed tags that's breaking the layout (or unexpected tags/styles/classes that interfere with the page CSS)
Make a copy of the raw page source (View -> Developer -> View Source in Chrome) of the page for the different requests and then run them through a diff program (CLI diff, WinMerge, opendiff, etc.) to spot any rendering differences.
Assuming there are none, investigate each bit of content area for broken tags, and then start populating your layout with different length headlines and text body areas until you trigger the issue, and then fix your CSS from there.
Good luck!

Escaping output but allowing <p> in Laravel

In my Laravel app I allow users to store some text from a text area. When outputting the text I would like to escape the text retrieved from the DB, but also convert any line breaks from the text into <p> tags. I have a function nl2p() that works well for this, but it gets escaped when I place it inside the triple brackets defeating the purpose: {{{ nl2p($bio) }}}
I tried doing something like this:
<?php $formatted_bio = {{{ $user->bio }}}; ?>
<h2>{{ nl2p($formatted_bio) }}</h2>
but data can't be echoed into a variable like that. Any creative solutions out there I may have overlooked?
Try using the e() helper function Laravel provides. It is basically what Blade calls under the hood when you do the triple braces.
So you'd have:
<h2>{{ nl2p(e($user->bio)) }}</h2>
