Well, how does this help, you might ask? Let's take a look at the `e()` helper function, that is BTW used by Blade's `{{ }}` behind the scenes:

```php
/**
 * Encode HTML special characters in a string.
 *
 * @param  \Illuminate\Contracts\Support\Htmlable|string  $value
 * @param  bool  $doubleEncode
 * @return string
 */
function e($value, $doubleEncode = true)
{
    // Htmlable instances are returned as-is, without any escaping.
    if ($value instanceof Htmlable)
        return $value->toHtml();

    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $doubleEncode);
}
```

As you can see, if we supply an instance of `Htmlable`, it is not passed to `htmlspecialchars` at all. And, as you might have guessed, `HtmlString` is indeed an instance of `Htmlable`. Obviously, you are not escaping any potential malicious PHP code that may be in your variables so be mindful.

Hope this helps. Good luck.
TL;DR: use `return new HtmlString('your HTML here');` inside the `->addColumn()` callback.

This is not an issue but rather a notice in case somebody will be in need of this. (#456)

If you ever need to add some HTML (whether it's a data-attribute or some inline blocks, no matter) you actually can do so.

Imagine you have UsersDataTable with current structure:

What if, instead of a simple `Yes`/`No`, I would like to have green/red text color accordingly? One could just make it like so:

but, even though we do `{!! $dataTables->html() !!}` in our Blades, all HTML would still be encoded by `htmlspecialchars`.

Solution to this is rather simple: just wrap returning string with HtmlString, like so:
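An added example, not part of the original issue or the package's code, showing what the `Htmlable` bypass in `e()` means once row data ends up inside an `HtmlString`: the unsafe callback lets stored markup through untouched, while the safe one fixes the markup itself and escapes only the dynamic text. The `Htmlable`, `HtmlString` and `e()` definitions are minimal stand-ins for Laravel's so the script runs on its own; `statusCellUnsafe()`, `statusCellSafe()` and the sample row are hypothetical.

```php
<?php
// Minimal stand-ins (assumption: they mirror the e() helper quoted in the issue).
interface Htmlable { public function toHtml(); }

final class HtmlString implements Htmlable
{
    private $html;
    public function __construct($html) { $this->html = $html; }
    public function toHtml() { return $this->html; }
}

function e($value, $doubleEncode = true)
{
    if ($value instanceof Htmlable) {
        return $value->toHtml();            // trusted as-is, never escaped
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', $doubleEncode);
}

// Hypothetical addColumn() callback: row data concatenated into "trusted" markup.
function statusCellUnsafe(array $row)
{
    return new HtmlString('<span class="' . $row['css'] . '">' . $row['name'] . '</span>');
}

// Hypothetical hardened callback: the developer owns the markup, the class comes
// from a fixed choice, and the only dynamic text is escaped before wrapping.
function statusCellSafe(array $row)
{
    $class = $row['active'] ? 'text-success' : 'text-danger';
    return new HtmlString('<span class="' . $class . '">' . e($row['name']) . '</span>');
}

// Constructed sample row: the name field holds markup a user typed into a form.
$row = [
    'active' => true,
    'css'    => 'text-success',
    'name'   => '<script>alert(1)</script>',
];

echo 'plain string: ', e($row['name']), PHP_EOL;             // goes through htmlspecialchars
echo 'unsafe cell : ', e(statusCellUnsafe($row)), PHP_EOL;   // stored markup reaches the page
echo 'safe cell   : ', e(statusCellSafe($row)), PHP_EOL;     // stored markup is inert text
```

Anything interpolated into an `HtmlString` has to be escaped or allow-listed at that point, because no later layer will do it.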