Reputation: 13537
How to directly call the laravel sanitize function?
In a blade file one can do this:
{{ $someVariable }}
This sanitizes $someVariable as opposed to calling it like this:
{!! $someVariable !!}
What PHP function is called for the first case? Is there a way to do this outside of a blade file?
Upvotes: 0
Views: 406
Answers (2)
Reputation: 50531
The function that ends up being called is e, for 'escape'.
"Encode HTML special characters in a string."
{{ ... }} is replaced with <?php echo e(...); ?>.
It is defined in vendor/laravel/framework/src/Illuminate/Support/helpers.php. It calls htmlspecialchars but also handles special objects that are Htmlable or DeferringDisplayableValue.
"The
efunction runs PHP'shtmlspecialcharsfunction with thedouble_encodeoption set totrueby default" - Laravel 9.x Docs - Helpers - String Helpers -e
On a side note, this is not sanitizing, it is just escaping.
Upvotes: 1
Reputation: 1765
According to the Laravel documentation you can do it with htmlspecialchars()
Example:
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
https://www.php.net/manual/en/function.htmlspecialchars.php
Upvotes: 1
Related Questions
- Laravel 7 Sanitizing Form Data
- How can I sanitize laravel Request inputs?
- Laravel 5 - sanitize certain inputs on validation
- laravel : sanitize request data before validation
- Modify input before validation on Laravel 5.1
- Sanitize user input in laravel
- Laravel 5.1: Calling a function from string
- Laravel sanitize middleware not working
- Laravel HTML and SQL sanitisation
- Laravel3: Do I need sanitization if I use Eloquent?