Escaping output in laravel?

M

MadStudio2015-01-20 04:00:52

Laravel

MadStudio, 2015-01-20 04:00:52

A question of this nature: the user adds a message through the form (the nicEdit editor is attached to the form), when outputting to a view with {{{$post->text}}} escaping, it is displayed текст <br> текст
i.e. the question is, how to properly escape the output, but keep the line breaks, text formatting, etc.?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Anton Shamanov, 2015-01-20
@MadStudio

Text formatting is best done at the stage of adding to the database (while preventing the possibility of second-order injections), and not at the stage of output. This will speed up page loading.

Y

Yuri Tarakhonich, 2015-01-21
@sofcase

Here c {{{ ... }}} approach is clearly not suitable for you.
Use strip_tags to strip the tags from the content, leaving the ones you want to keep.
For example:

strip_tags($content, '<a><b>'); // оставит только теги a и b

R

russik201, 2017-02-07
@russik201

use {!!$post->text!!}

R

reedwalter24, 2015-01-20
@reedwalter24

If the text was saved through to the database via Input::get('param');
Then you can display html through {{ $post->text}}