Mode of echo echo type

Viewed 155 times

2

I recently started using Laravel and found the {{ }} function very useful, because even if the content is JavaScript, it is not activated, unlike with echo in PHP.

I was wondering if you could do the same thing in PHP.

A basic example:

<?php
echo "<script> alert(\"Hello! I am an alert box!!\");</script>";
?>

It will execute the JavaScript; however, in Laravel with {{ }} it will show what is written without executing the JavaScript.

  • That is because {{ }} is for when you want to display a variable from the controller, e.g. {{ $variavel }}. If I'm not mistaken, echo also works in Laravel. Now, you can run normal JavaScript inside a Blade.php file.

  • Use the function htmlentities before the echo.

  • Can you explain that better? I got a little confused.

1 answer

2


Laravel's Blade transforms {{ }} into an internal call to the function e(), whose name comes from escape.

The code of that function e() is as follows:

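// Htmlable here is Illuminate\Contracts\Support\Htmlable.
function e($value, $doubleEncode = true)
{
    // Objects implementing Htmlable supply their own HTML and are returned unescaped.
    if ($value instanceof Htmlable) {
        return $value->toHtml();
    }
    // Everything else is escaped: &, <, >, " and ' become HTML entities.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $doubleEncode);
}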

That is, to use htmlspecialchars results in something like.

The goal of doing this is to prevent attacks in which code is injected to produce something unexpected in the application, such as malicious JavaScript.

Validating the inputs and outputs of your code, especially the places where the user has the power to insert or edit data, is something that may go unnoticed but is very important for security.
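
A plain-PHP equivalent of the {{ }} behaviour discussed above, as an added example that is not part of the original question or answer; the helper name esc() and the sample strings are assumptions made for illustration. It goes slightly beyond the thread by also covering quoted attribute values, already-encoded text and output inside a script block.

```php
<?php
// Added example, not code from the original post. esc() is a hypothetical name
// for a plain-PHP equivalent of what Blade's {{ }} does through e().
function esc($value, bool $doubleEncode = true): string
{
    // ENT_QUOTES escapes both " and ' (before PHP 8.1 the default skipped ').
    // ENT_SUBSTITUTE swaps invalid UTF-8 for U+FFFD instead of returning ''.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Constructed sample input: the string from the question, as if a user had typed it.
$comment = '<script> alert("Hello! I am an alert box!!");</script>';

// 1) HTML body: <, > and " become entities, so the browser prints the text
//    instead of running it, which is the {{ }} behaviour the question describes.
echo '<p>' . esc($comment) . "</p>\n";

// 2) Quoted attribute: an unescaped ' would close value='...' early.
$name = 'Tim O\'Neil "admin"';   // constructed sample
echo "<input name='author' value='" . esc($name) . "'>\n";

// 3) Text that already contains entities: pass false to avoid &amp;amp;.
$stored = 'Tom &amp; Jerry';     // constructed sample
echo '<p>' . esc($stored, false) . "</p>\n";

// 4) Inside a <script> block HTML entities are not decoded, so esc() is the wrong
//    tool there. json_encode() with the JSON_HEX_* flags emits a JavaScript
//    literal in which <, >, &, ' and " appear as \uXXXX escapes.
$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
echo '<script>var comment = ' . json_encode($comment, $flags) . ";</script>\n";
```

Escape at the point of output and pick the encoder by context: esc() for HTML text and quoted attributes, json_encode() for values placed inside script blocks.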
