Interpretation of Tags with HTML

Asked

Viewed 426 times

0

I am programming using the Laravel framework and normally to use PHP within HTML use double keys

{{ $variavel }}

When I should interpret the HTML inside this variable I use

{!!$variavel!!}

I didn’t understand why from the exclamation points, I couldn’t find the documentation for this.

The problem is I wanted the job substr() in the variable, and with that if you have the exclamations or keys it does not work, and if you take it gets the html tags that are in the string.

  • I don’t understand what you mean by substr. What is the expected result? what are you going through in this variable?

2 answers

2


Both syntaxes, as you mentioned are used to display the contents of the strings within your page, the first escaping special characters to avoid XSS attacksen and the second syntax allowing this.

I didn’t understand why the exclamation points, I couldn’t find the documentation for this.

You can find this explanation in documentation of the Laravel. In my view exclamations are used to attract attention, because it is not a good idea to use the second form because it has a certain security risk.

<p>Olá {{ $nome }}</p>
<p>seu último acesso foi em {{ $data }}</p>
<p>localização {!! $local !!}
<p>tempo da sessão {{ $tempo }}

2

Roughly speaking, these keys on Blade are converted to a echo plus the function htmlspecialchars(). Something that looks like this:

<p>Olá {{ $nome }}</p>
<p>Olá <?php echo htmlspecialchars( $nome ); ?></p>

Using the second form, with the exclamations, Blade will not escape string. The content is "printed" directly, like:

<p>Olá {!! $nome !!}</p>
<p>Olá <?php echo $nome; ?></p>

This allows your variable to have, for example, html code.

In both cases you can use any php function:

<p>Olá {{ substr($nome, 0, 2) }}</p>
<p>Último acesso: {!! substr(date('d-m-Y H:i:s'), 0, 10) !!}</p>

Browser other questions tagged

You are not signed in. Login or sign up in order to post.