How to directly call the laravel sanitize function?

Time:06-06

In a blade file one can do this:

{{ $someVariable }}

This sanitizes $someVariable as opposed to calling it like this:

{!! $someVariable  !!}

What PHP function is called for the first case? Is there a way to do this outside of a blade file?

CodePudding user response:

According to the Laravel documentation you can do it with htmlspecialchars()

Example:

$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;

https://www.php.net/manual/en/function.htmlspecialchars.php

CodePudding user response:

The function that ends up being called is e, for 'escape'.

"Encode HTML special characters in a string."

{{ ... }} is replaced with <?php echo e(...); ?>.

It is defined in vendor/laravel/framework/src/Illuminate/Support/helpers.php. It calls htmlspecialchars but also handles special objects that are Htmlable or DeferringDisplayableValue.

"The e function runs PHP's htmlspecialchars function with the double_encode option set to true by default" - Laravel 9.x Docs - Helpers - String Helpers - e

On a side note, this is not sanitizing, it is just escaping.
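As an added example (not part of the answers above, and not Laravel's own source): a stand-alone PHP 8 sketch of the behaviour the second answer describes, escaping with htmlspecialchars while passing through objects that supply their own HTML. The names escape_html, TrustedHtml and RawHtml are hypothetical stand-ins chosen for this sketch.

```php
<?php
// Added example: stand-alone sketch, not Laravel's source.
// escape_html, TrustedHtml and RawHtml are hypothetical names.

// Stand-in for an "Htmlable"-style object: its markup is emitted as-is.
interface TrustedHtml
{
    public function toHtml(): string;
}

final class RawHtml implements TrustedHtml
{
    public function __construct(private string $html) {}

    public function toHtml(): string
    {
        return $this->html;
    }
}

function escape_html(mixed $value, bool $doubleEncode = true): string
{
    if ($value instanceof TrustedHtml) {
        // No escaping here: whoever built the object vouches for the markup.
        return $value->toHtml();
    }
    // ENT_QUOTES encodes both quote styles, so the result is also safe
    // inside a quoted HTML attribute value.
    return htmlspecialchars((string) ($value ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Constructed sample inputs.
$samples = [
    'markup'      => "<a href='test'>Test</a>",
    'pre-escaped' => 'Tom &amp; Jerry',
    'trusted'     => new RawHtml('<b>bold</b>'),
    'null'        => null,
];

foreach ($samples as $label => $value) {
    printf("%-12s %s\n", $label, escape_html($value));
}

// With double_encode off, entities already present are left alone.
printf("%-12s %s\n", 'no-double', escape_html('Tom &amp; Jerry', false));
```

Nothing is removed from the input in any of these cases, which is the escaping-versus-sanitizing distinction the answer closes on. A value wrapped in the pass-through type is emitted unescaped, so user input should never be wrapped that way.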
