Laravel insert escaped string in blade template

Question

I have an app where admin can store analytics code to database. I save this code with:

$analytics = htmlentities($value);

So I end up with something like this in my DB:

&lt;script&gt;
 (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
 (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

ga('send', 'pageview');

&lt;/script&gt;

Then I try to output this in my blade template:

{!! $site_settings->get("analyticsCode")->value !!}

Unfortunately blade cannot unescape the script section:

&lt;script&gt;

I have tried also with HTML::decode without success.

So the < and > are saved as < and > in the database row? Did you try a simple str_replace to output them as < and >? — ojrask
– ojrask, Commented Jun 26, 2015 at 5:19
Of course, this could be a solution. But I'm searching a different solution, if it's possible, to make this work in an laravel way. I could of course store only the js code without the script tag, but I would like to know if this is a security problem or there is a way to output like in my example. — Tropicalista
– Tropicalista, Commented Jun 26, 2015 at 5:23
Did you try HTML::decode() ? It's a wrapper for html_entity_decode() — Jeemusu
– Jeemusu, Commented Jun 26, 2015 at 5:42
Yes I've tried but with wrong syntax. This seems to work: {!! Html::decode( $site_settings->get("analyticsCode")->value ) !!} The double exclamation mark do the job. — Tropicalista
– Tropicalista, Commented Jun 26, 2015 at 6:02

Jeemusu · Accepted Answer · 2015-06-26 06:16:21Z

1

You can use HTML::decode() which is a wrapper for the php html_entity_decode() function.

Laravel 5:

{!! Html::decode( $site_settings->get("analyticsCode")->value ) !!}

Laravel 4:

{{ Html::decode( $site_settings->get("analyticsCode")->value ) }}

answered Jun 26, 2015 at 6:16

Jeemusu

10.5k3 gold badges46 silver badges68 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

Laravel insert escaped string in blade template

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related