How to display a post in Laravel view without XSS, but with other tags?

S

Sunsh1ne2016-08-05 01:40:38

XSS

Sunsh1ne, 2016-08-05 01:40:38

Greetings to all,
I am writing a project on Laravel and I can’t find an answer anywhere,
how can I display the text of the article from the database in the blade so that only the white list of html tags goes through,
but, let’s say the script tag is not executed.
I searched, but found only these options: Markdown and purifier
Is there really nothing better? For some reason, I can't believe it... So many blogs are made on laravel, how are tags filtered then?
Share your experience, experienced)

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

T

Tesla, 2016-08-05
@Sunsh1ne

If you definitely need html, then HTMLPurifier will help. I don’t know why you didn’t like it, it does exactly what you need: it filters tags.

D

D', 2016-08-05
@Denormalization

It is possible to filter content through strip_tags with a list of allowed tags (but this is not 100% guaranteed).
In general, XSS is a rather complicated topic, and it is better to try to avoid using pure HTML anywhere ... It is
better to use editors with support for BB code or the same Markdown.

R

Roman Igoshin, 2018-02-12
@MasterRO

Of course it's too late, but for those who find it through the search engine https://github.com/MasterRO94/laravel-xss-filter

A

Alexander Sisyukin, 2016-08-05
@Caarl

you need to do this way
{!! $text !!}
string will auto escape when you perform {{ }}
stackoverflow.com/questions/29253979/laravel-5-dis...