Save blade templates to database rather than file

Question

I want to save my blade templates to database, because the header and footer of each page is customizable for the user. I want to let my users create the layout themselves and then for each request from a given user, I want to serve the page, using the layout specified by that user.

The necessary variables that are passed by the controller are provided to them in the documentation.

Note: I trust my users. They are all stake-holders of the project and are programmers, so server side code execution is acceptable.

Answer 1

Although this is an old post but just in case someone stumbles across it like I did. I achieved similar while using the Laravel Framework, by saving the view in database such that, whenever I need to display the view, I retrieve it from DB, and load it into a file using the file_put_contents() php function and render it with the view() method. For example;

$blade = DB::table('pages')->where('name', 'index')->first();
file_put_contents('template.blade.php', $blade->view);

//Note if I also need to pass data to the view I can also pass it like so
//$data = ['page_title' => 'Testing Blade Compilation using views Saved in DB'];
// return view(template, $data);

return view('template');

While again in my own case for added security, I created base templates with the blade templating scheme & injected user created inputs into the template after sanitizing the generated input using HTMLPurifier and rendering the view. For example

$view = view('base.template')->render();
//similarly like the above I can load any data into the view like so
//$data = ['page_title' => 'Testing Blade Compilation using views Saved in DB'];
//$view = view('base.template', $data)->render();

$purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
$with_purified_input = $purifier->purify($user_generated_input);
str_replace('view_variable', $with_purified_input, $view);

return $view;

Answer 2

I realised that I can improve security and caching if I just let them insert the static content only. The only thing I need to change is the main content, so I can just let them set a token where the content is to be placed. As is in the above answer by @huzaib-shafi , I did the following...

//In controller
$content = View::make('final',compact('data'));
$token = "<meta name='_token' content='" . csrf_token() ."'";
$scripts = View::make('final_scripts',compact('data'));

$view = str_replace_first("<%content%>", $content, $templateInDatabase);
$view = str_replace_first("<%token%>", $token, $view);
$view = str_replace_first("<%scripts%>", $scripts, $view);

return $view;

This enforces them to use bootstrap in their template, because I use bootstrap styles in my blade templates, but it is acceptable in my case.