I have read somewhere on the web that in the blade template engine, the {{ }} automatically sanitize output.
But, what if I want to echo a sanitized Input::get from the controller. What is the best way to do it (e() which is just an htmlentities or HTML::entities or something else)?
Laravel Sanitization
Sanitization of input includes the techniques to identify and remove the possible input entries of strings that can be harmful to your application. Example: Here's how you can sanitize the input by stripping away the script tags using the PHP strip_tags function.
Sanitizing data means removing any illegal character from the data. Sanitizing user input is one of the most common tasks in a web application. To make this task easier, PHP provides a native filter extension that you can use to sanitize data such as e-mail addresses, URLs, IP addresses, etc.
I have read somewhere on the web that in the blade template engine, the {{ }} automatically sanitize output.
That is incorrect. You need to use three (3) curly braces to sanitize output {{{ }}}
But, what if I want to echo a sanitized Input::get from the controller.
You should not output from your controllers - you should do it from a view
What is the best way to do it (e() which is just an htmlentities or HTML::entities or something else)?
Yes - e() is the best way to do it in Laravel 4.
On the backend, all that {{{ }}} is doing is actually changing to the equivalent of {{ e() }} anyway
Edit: in Laravel 5 both {{ }} and {{{ }}} now sanitize output. If you need to have unsanitized output in Laravel 5 - you can use {!! !!}
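The following is an added example, not code from the question, the answer, or Laravel itself. It runs under plain PHP with no framework and shows the two distinct steps discussed above: input sanitization in the controller (strip_tags or the filter extension, as in the "Laravel Sanitization" passage) and output escaping in the view (what {{{ }}} compiles to). The e() function here is an assumption that mirrors what the Laravel 4 helper did (htmlentities with ENT_QUOTES); renderEscaped() is a hypothetical stand-in for Blade's compiler and is not Blade's real implementation.

```php
<?php
// Added example; not from the original post and not Laravel's own code.

// Assumption: mirrors Laravel 4's e() helper. ENT_QUOTES matters because it
// encodes single and double quotes, so the value is safe inside attributes too.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
}

// Hypothetical stand-in for the Blade compiler: an escaped echo such as
// {{{ $name }}} becomes <?php echo e($name); ?> in real Blade. Here the
// placeholder is simply evaluated against an array of view data.
function renderEscaped(string $template, array $data): string
{
    return preg_replace_callback('/\{\{\{\s*\$(\w+)\s*\}\}\}/', function ($m) use ($data) {
        return e((string) ($data[$m[1]] ?? ''));
    }, $template);
}

// Constructed request value standing in for Input::get('name').
$untrusted = '<script>alert(1)</script>" style="color:red';

// Controller side: input sanitization. strip_tags removes the element, and
// FILTER_SANITIZE_SPECIAL_CHARS encodes <, >, & and quotes. Neither replaces
// output escaping: the double quote survives strip_tags, so the stripped value
// can still close an HTML attribute if echoed raw.
$stripped = strip_tags($untrusted);
$filtered = filter_var($untrusted, FILTER_SANITIZE_SPECIAL_CHARS);

// View side: escape on output, in every HTML context, which is what {{{ }}}
// (and {{ }} in Laravel 5) does for you.
$template = '<p>Hello, {{{ $name }}}</p><input value="{{{ $name }}}">';
echo renderEscaped($template, ['name' => $untrusted]), PHP_EOL;

// Comparing the three forms side by side makes the difference visible:
echo 'raw:       <input value="' . $untrusted . '">', PHP_EOL; // attribute is broken
echo 'stripped:  <input value="' . $stripped . '">', PHP_EOL;  // still broken by the quote
echo 'escaped:   <input value="' . e($stripped) . '">', PHP_EOL; // quote encoded, attribute intact
echo 'filtered:  ' . $filtered, PHP_EOL;
```

The practical rule that follows from the answer: sanitize input if you want it cleaned before it is stored, but always escape at the point of output (e(), or the escaped Blade echo) regardless of what sanitization ran earlier, because the two steps protect against different things.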