CODEWITHSUNDEEP
phphtmllaravellaravel-blade
Paul Young
Paul Young

Reputation: 3

Escaping all html in a blade

I want to send different branded emails. I'm storing the email HTML in the DB because I have an email builder that you just upload an email template made from sendgrid ect and I am passing it to the view blade and escaping all of it. {!!$allhtmlcontent!!} But then the variables withing the HTML are escaped too and come out like {{$variable}} is there any way to render the blade twice once to pass the HTML with the variables then to pass all the variables in then as well.

I already tried formatting into a string and looking for the variables in the string and pass the whole html string into the blade then.

$emailBlade = CentreEmailTemplate::where('centre_id', $tenant->centre_id)->where('email_template_type_id', 2)->get(); //getting html content
$html = View('emails.Login.LoginDynamic',['html'=>$emailBlade[0]->html_template]); // passing the html content into the blade
$view = $html->render([     // i know this doesnt work :( just demo
        'mgrName' => $tenant->name,
        'fileUrl' => $fileUrl,
        'messageTotal' => $messageTotal,
        'isMessageGreater' => $isGreater->message,
        'visitorTotal' => $visitorTotal,
        'isVisitorGreater' => $isGreater->visitor,     //variables that need passed into the html content 
        'dwellTotal' => $dwellTotal,
        'isDwellGreater' => $isGreater->dwell,
        'conTotal' => $conTotal,
        'isConGreater' => $isGreater->con,
        'conRateTotal' => $conRateAvg,
        'isConRateGreater' => $isGreater->conRate
    ]);

just outputs the actual variable name instead of the value.

Thanks in Advance..

Upvotes: 0

Views: 118

Answers (1)

Hadi Aghandeh
Hadi Aghandeh

Reputation: 862

One possible solution that I can think of:

$emailBlade = CentreEmailTemplate::where('centre_id', $tenant->centre_id)->where('email_template_type_id', 2)->get()[0]->html_template; //getting html content

$variables = ['{{$mgrName}}' , '{{$fileUrl}}']; //lets say you have two variables
$values = [$tenant->name , $fileUrl];

$email = str_replace($variables , $values , $emailBlade); //now variables are replaced with their values.

Then, in your 'emails.Login.LoginDynami' blade file:

{!! $email !!}

I think what mentioned above is best solution. However as you mentioned that you are already tried this. I can suggest another solution:

Another possible solution is the use of eval(). eval() will evaluate the string as PHP. To use eval() you should first compile the blade string to PHP. which means the {{$variable}} should become something like <?php echo $variable ?>. to do that you can use Blade::compileString($emailBlade). Then you use eval.

However you should be careful about eval. Because you are allowing arbitrary PHP code execution. Therefore if any of the variables are provided by user you should sanitize them.

Upvotes: 1

Related Questions