Fika Ridaul Maulayya

Reputation: 37

how to ignore iframe on blade Laravel

#Asking

Help me with my problem: I built a website with Laravel.

I am rendering my post with syntax like this:

<div>
  <p>{!! $post->content !!}</p>
</div>

But I have a problem when I insert an iframe inside a post, because the HTML has been removed with {!! !!}.

I have tried to use {{ $post->content }}, but all content is rendered with HTML.

Any solution to this problem?

Thanks very much

Upvotes: 0

Views: 382

Answers (1)

Flame

Reputation: 7561

With {!! you paste content "as is", in other words you become vulnerable to all types of issues like allowing <script> tags to be placed into your templates.

The {{ syntax will escape any HTML thus what you see is the actual html characters without actually parsing it (i.e. doing {{ '<b>bold</b>' }} will not result in a bold font but in the text <b>bold</b>).

Now with your problem: there are some cumbersome ways to filter out any html tags yourself and leave the <iframe>'s in there (something like {!! only_iframe($content) !!}), but it is quite difficult and will likely not result in a safe solution.

Your own answer, which stated that you used {!!html_entity_decode($post->content)!!}, simply means that your HTML was encoded to start with, which is not something I can deduce from your question. Note that you are now vulnerable to malicious code injection if you are not certain you can control the contents of $post->content.

Upvotes: 2
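An added example, not part of the original question or answer: instead of a hand-written tag filter, the post body can be passed through an allowlist sanitizer before it reaches {!! !!}. It assumes the HTML Purifier library (Composer package ezyang/htmlpurifier) is installed; the helper name sanitize_post_html, the list of allowed tags and the two embed hosts are illustrative choices, and the sample input is constructed.

```php
<?php
// Added example. Assumes: composer require ezyang/htmlpurifier
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: returns $html reduced to an allowlist of elements.
 * <script>, event-handler attributes and any tag not listed are dropped;
 * an iframe keeps its src only when the URL matches the regexp below.
 */
function sanitize_post_html(string $html): string
{
    static $purifier = null;

    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();

        // Elements and attributes a post body may keep.
        $config->set(
            'HTML.Allowed',
            'p,br,b,strong,i,em,ul,ol,li,a[href],iframe[src|width|height|frameborder]'
        );

        // iframes are off by default; enable them only for approved embed URLs.
        $config->set('HTML.SafeIframe', true);
        $config->set(
            'URI.SafeIframeRegexp',
            '%^https://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%'
        );

        // Skip the on-disk definition cache so the demo needs no writable directory.
        $config->set('Cache.DefinitionImpl', null);

        $purifier = new HTMLPurifier($config);
    }

    return $purifier->purify($html);
}

// Constructed sample input: one approved embed, one unapproved iframe,
// a script tag and an inline event handler.
$dirty = <<<'HTML'
<p onclick="alert(1)">Hello <b>world</b></p>
<script>alert(document.cookie)</script>
<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe>
<iframe src="https://untrusted.example/frame"></iframe>
HTML;

echo sanitize_post_html($dirty), PHP_EOL;
```

In the Blade template the sanitized string is then what gets printed raw, for example {!! sanitize_post_html($post->content) !!}, or the sanitizer is run once when the post is saved.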
