Currently I use database to store all data(description, name, etc) that user key in (user can self generate content)
Yet, my site is "hijacked" by someone who knows html.. Let's say in description, they enter
<a href="http://hijack.comhijack">abc</a>
to put link:
The code in my Larvel view is {{$site->description}}
How can I restrict them to show this like plain text?
Tt will mess-up my page, and when I put my description in meta property, it will mess up to..
any solution for this?
In Laravel 5, double curly braces now automatically escape all the HTML from your string.
More info: Blade templating
If you're still using Laravel 4, use triple curly braces instead of double, which will escape all the HTML from your string:
{{{ $site->description }}}
No need to use any blade syntax for this just use normal PHP:
<?php echo $site->description; ?>
I am new to Laravel and was looking for a blade solution but this worked for me and seemed to be the simplest solution
you can try :
{!! $site->description !!}
{{{ $site->description }}}HTMLfrom user input ?