how to ignore iframe on blade Laravel

#Asking

Help me for my problem, when i built a website with Laravel

i am render my post with syntax like this :

<div>
  <p>{!! $post->content !!}</p>
</div>

but i have problem, when i insert a i frame inside post, because the html has been removed with {!! !!}.

i have to try use {{ $post->content }}, but all content rendered with HTML

Any solution to this problem? ?

Thanks very much

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

With {!! you paste content “as is”, in other words you become vulnerable to all types of issues like allowing <script> tags to be placed into your templates.

The {{ syntax will escape any HTML thus what you see is the actual html characters without actually parsing it (i.e. doing {{ '<b>bold</b>' }} will not result in a bold font but in the text <b>bold</b>).

Now with your problem: there are some cumbersome ways to filter out any html tags yourself and leave the <iframe>‘s in there (something like {!! only_iframe($content) !!}), but it is quite difficult and will likely not result in a safe solution.

Your own answer which stated that you used {!!html_entity_decode($post->content)!!} simply means that your HTML was encoded to start with, which is not something I can deduct from your question. Note that you are now vulnerable to malicious code injection if you are not certain you can control the contents of $post->content.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x