Laravel e function (htmlentities) is not fully wor

2019-08-12 06:55发布

站内问答 / PHP
2019 1 6

I am trying to use the e function in Laravel which is equivalent to the htmlentities PHP function.

In my Form view and Controller I am trying to save a document that uses the e function which looks like this:

Form view:

{{ Form::text('client_name') }}

Controller: 

$client = new Client;
$client->client_name = e(Input::get('client_name'));
$client->save();

Say I wrote <script type="text/javascript">alert('gotcha!');</script> into the client_name field. I then save it to database but when it redirects after it saves to db, it runs this script once! Also just to make sure that the e function was working correctly I looked into my db and it is as expected:

"&lt;script type=&quot;text/javascript&quot;&gt;alert(&#039;gotcha!&#039;);&lt;/script&gt;"

My question is how can I avoid executing that javascript alert('gotcha')??

Or am I putting this e function or the htmlentities function in the wrong place?'

thanks!

1条回答
成全新的幸福
2楼-- · 2019-08-12 07:07

You are running the e() at the wrong place. Escaping is best saved for output of data - not the input.

Your controller should do this:

$client = new Client;
$client->client_name = Input::get('client_name');
$client->save();

Your Form view is ok with the following - because Form "escapes" the data automatically

{{ Form::text('client_name') }}

But after you create the client and do the redirect - I bet somewhere you are doing this

{{ $client->client_name }}

You should change it to this

{{{ $client->client_name }}}

Note the third { } - which will automatically escape the data for you

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)