Laravel 5 Display HTML with Blade

Question

I have a string returned to one of my views  like this    text     lt p gt  lt strong gt Lorem lt  strong gt  ipsum dolor  lt img src  images test jpg  gt  lt  p gt     I m trying to display it with Blade      text     However  the output is a raw string instead of rendered HTML  How do I display HTML with Blade in Laravel 5   PS  PHP echo   displays the HTML correctly

User · Answer

By default  Blade       statements are automatically sent through PHP s htmlspecialchars function to prevent XSS attacks  If you do not want your data to be escaped  you may use the following syntax   According to the doc  you must do the following to render your html in your Blade files       text       Be very careful when echoing content that is supplied by users of your application  You should typically use the escaped  double curly brace syntax to prevent XSS attacks when displaying user supplied data

User · Answer

I have been there and it was my fault  And very stupid one   if you forget  blade extension in the file name  that file doesn t understand blade but runs php code  You should use   resources views filename blade php   instead of   resources views filename php   hope this helps some one

User · Answer

Try this  It s worked    php     echo  text    endphp

User · Answer

its a simple        text       laravel compile  as a dom element and    text   print as a string

User · Answer

This works fine for Laravel 5 6   lt  php echo   text     gt    In a different way       text       It will not render HTML code and print as a string   For more details open link - Display HTML with Blade

User · Answer

Unbelievable  several identical and consequently wrong answers  Laravel saves pure php code to Storage fremework view Of course  if you have thousands of views  it will take a century to find the one you want  but open any one and see that where there were     text    now there are  lt  php echo  text    gt  then forget     text    and use  lt  php print  text     gt   but it s still not a good idea  if strangers created the html  then let s create our criteria    Controller   lt  php    body   strip tags  text    lt strong gt  lt span gt  lt p gt  lt b gt  lt small gt  lt pre gt  lt div gt  lt br gt  lt img gt  lt video gt  lt a gt  lt ul gt  lt li gt  lt ol gt  lt i gt  lt font gt  lt blockquote gt      return view  myview   compact  body       gt    Blade   lt iframe srcdocs  quot   print  body    quot  sandbox gt  lt  iframe gt   or   lt iframe srcdocs  quot    body   quot  sandbox gt  lt  iframe gt   Allowed tags  lt strong gt  lt span gt  lt p gt  lt b gt  lt small gt  lt pre gt  lt div gt  lt br gt  lt img gt  lt video gt  lt a gt  lt ul gt  lt li gt  lt ol gt  lt i gt  lt font gt  lt blockquote gt   Yes  you can use some php functions in the blade syntax  although this is not documented correctly and you need to be careful too  since      is the same as echo  so if you put something like print    print r or var dump will work  but more complex things don t work  it literally doesn t replace  lt  php   gt  Why an iframe  Note that this is not a common iframe  it has the sandbox attribute  while the strip tags    function has removed the  tags  the iframe will literally kill onclick     onerro    and the like  isolating the code  however  a A pessimist will say that he can still use the address bar  in fact laravel already has an escape  but you can create middleware and list it in the middlewaregroup at app   http  kernel php  So  you will have the opportunity to make sure that the requested url is eligible Less painful alternative As this article explains  https   kuztek com blog use-laravel-purifier-securit you can use the HTMLPurifier  follow the procedure below Install the package  composer require mews purifier  Generate the configuration file  php artisan vendor publish --provider  quot Mews Purifier PurifierServiceProvider quot    Change  HTML Allowed  in config   purifier php  HTML Allowed    gt   h1 class  h2 class  h3 class  h4 class  h5 class  div class  b strong style class  i class  em a href title class  ul style class  ol style class  li style class  p style class  br blockquote class  span style class  img width height alt src class     No further action is needed  just call it on the blade  replacing  body with the variable containing the html code    clean  body

User · Answer

To add further explanation  code inside Blade       statements are automatically passed through the htmlspecialchars   function that php provides  This function takes in a string and will find all reserved characters that HTML uses  Reserved characters are  amp   lt   gt  and    It will then replace these reserved characters with their HTML entity variant  Which are the following    --------------------- ------------------         Character              Entity        --------------------- ------------------              amp                    amp amp          --------------------- ------------------              lt                    amp lt           --------------------- ------------------              gt                    amp gt           --------------------- ------------------                                 amp quot         --------------------- ------------------    For example  assume we have the following php statement    hello     lt b gt Hello lt  b gt      Passed into blade as     hello    would yield the literal string you passed    lt b gt Hello lt  b gt    Under the hood  it would actually echo as  amp lt b amp gt Hello amp lt b amp gt  If we wanted to bypass this and actually render it as a bold tag  we escape the  htmlspecialchars   function by adding the escape syntax blade provides        hello      Note that we only use one curly brace    The output of the above would yield   Hello  We could also utilise another handy function that php provides  which is the html entity decode   function  This will convert HTML entities to their respected HTML characters  Think of it as the reverse of htmlspecialchars    For example say we have the following php statement    hello     amp lt b amp gt  Hello  amp lt b amp gt      We could now add this function to our escaped blade statement       html entity decode  hello        This will take the HTML entity  amp lt  and parse it as HTML code  lt   not just a string   The same will apply with the greater than entity  amp gt    which would yield   Hello  The whole point of escaping in the first place is to avoid XSS attacks  So be very careful when using escape syntax  especially if users in your application are providing the HTML themselves  they could inject their own code as they please

User · Answer

Please use       test        Only in case of HTML while if you want to render data  sting etc  use      test      This is because when your blade file is compiled       test    is converted to  lt  php echo e  test    gt  while        test     is converted to  lt  php echo  test   gt

User · Answer

If you want to escape the data use       html      If don t want to escape the data use        html       But till Laravel-4 you can use      HTML  link   auth logout    Sign Out   array  class    gt   btn btn-default btn-flat         When comes to Laravel-5       HTML  link   auth logout    Sign Out   array  class    gt   btn btn-default btn-flat           You can also do this with the PHP function     html entity decode  data       go through the PHP document for the parameters of this function  html entity decode - php net

User · Answer

You need to use       text       The string will auto escape when using     text

User · Answer

On controller   your variable        your variable      lt p gt Hello world lt  p gt     return view  viewname  - gt with  your variable    your variable   If you do not want your data to be escaped  you may use the following syntax       your variable      Output Hello world

User · Answer

You can do that using three ways first use if condition like below       text       The is Second way   lt td class  nowrap  gt   if   order- gt status     0         lt button class  btn btn-danger  gt Inactive lt  button gt   else      lt button class  btn btn-success  gt Active lt  button gt   endif  lt  td gt    The third and proper way for use ternary operator on blade   lt td class  nowrap  gt             order- gt status   0                 lt button class  btn btn-danger  gt Inactive lt  button gt                 lt button class  btn btn-success  gt Active lt  button gt       lt  td gt    I hope the third way is perfect for used ternary operator on blade

User · Answer

You can use      text     for render HTML code in Laravel       text       If you use       text      It will not render HTML code and print as a string

User · Answer

Use      text    to display data without escaping it  Just be sure that you don   t do this with data that came from the user and has not been cleaned

User · Answer

If you use the Bootstrap Collapse class sometimes      text      is not worked for me but    html entity decode  text     is worked for me

User · Answer

For laravel 5     html entity decode  text       Figured out through this link  see RachidLaasri answer

User · Answer

You can try this        text       You should have a look at  http   laravel com docs 5 0 upgrade upgrade-5 0

User · Answer

Try this  It worked for me      html entity decode  text       In Laravel Blade template        wil escape html  If you want to display html from controller in view  decode html from string

User · Answer

There is another way  If object purpose is to render html you can implement  Illuminate Contracts Support Htmlable contract that has toHtml   method   Then you can render that object from blade like this      someObject     note  no need for         syntax    Also if you want to return html property and you know it will be html  use  Illuminate Support HtmlString class like this   public function getProductDescription         return new HtmlString  this- gt description       and then use it like     product- gt getProductDescription        Of course be responsible when directly rendering raw html on page

User · Answer

you can do with many ways in laravel 5         text          html entity decode  text

User · Answer

For who using tinymce and markup within textarea      htmlspecialchars  text

[laravel] Laravel 5: Display HTML with Blade

Examples related to laravel

Examples related to laravel-5

Examples related to blade