laravel 4 - Sanitize Input::get() (e() vs HTML::entities in laravel 4)
Original URL: http://stackoverflow.com/questions/18534158/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Asked by Hakim
I have read somewhere on the web that in the blade template engine, the {{ }} automatically sanitize output.
But, what if I want to echo a sanitized Input::get from the controller. What is the best way to do it (e() which is just an htmlentities or HTML::entities or something else)?
Answered by Laurence
I have read somewhere on the web that in the blade template engine, the {{ }} automatically sanitize output.
That is incorrect. You need to use three (3) curly braces to sanitize output {{{ }}}
But, what if I want to echo a sanitized Input::get from the controller.
You should not output from your controllers - you should do it from a view
What is the best way to do it (e() which is just an htmlentities or HTML::entities or something else)?
Yes - e() is the best way to do it in Laravel 4.
On the backend, all that {{{ }}} is doing is actually changing to the equivalent of {{ e() }} anyway
Edit: in Laravel 5 both {{ }} and {{{ }}} now sanitize output. If you need to have unsanitized output in Laravel 5 - you can use {!! !!}
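The tag behaviour described in the answer above, as an added stand-alone example (not code from the original post or from Laravel itself). escape_like_e() and render_echo_tags() are hypothetical stand-ins; the sketch assumes Laravel 4's e() wraps htmlentities() with ENT_QUOTES and UTF-8, and the input string is constructed.

```php
<?php
// Hypothetical stand-in for Laravel 4's e() helper (assumed to wrap
// htmlentities() with ENT_QUOTES and UTF-8, without double-encoding).
function escape_like_e($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8', false);
}

// Hypothetical mini-renderer, NOT Blade's real compiler. It resolves the three
// echo tags in a single pass, so substituted data is never re-scanned for tags.
function render_echo_tags($template, array $data, $laravelMajor)
{
    $pattern = '/\{\{\{\s*\$(\w+)\s*\}\}\}'   // group 1: {{{ $var }}}
             . '|\{!!\s*\$(\w+)\s*!!\}'       // group 2: {!! $var !!}
             . '|\{\{\s*\$(\w+)\s*\}\}/';     // group 3: {{ $var }}

    return preg_replace_callback($pattern, function ($m) use ($data, $laravelMajor) {
        if ($m[1] !== '') {                   // {{{ }}} escapes in both versions
            $name = $m[1];
            $escape = true;
        } elseif ($m[2] !== '') {             // {!! !!} exists only in Laravel 5
            if ($laravelMajor < 5) {
                return $m[0];                 // Laravel 4: not a tag, left as text
            }
            $name = $m[2];
            $escape = false;
        } else {                              // {{ }}: raw in 4, escaped in 5
            $name = $m[3];
            $escape = $laravelMajor >= 5;
        }
        $value = isset($data[$name]) ? (string) $data[$name] : '';
        return $escape ? escape_like_e($value) : $value;
    }, $template);
}

// Constructed sample value, standing in for Input::get('name').
$data = array('name' => 'Tom & "Jerry" <b>bold</b>');

foreach (array(4, 5) as $major) {
    echo "Laravel $major\n";
    foreach (array('{{ $name }}', '{{{ $name }}}', '{!! $name !!}') as $tpl) {
        echo '  ' . str_pad($tpl, 16) . '=> '
            . render_echo_tags($tpl, $data, $major) . "\n";
    }
}
```

Run it with the PHP CLI to compare which tags pass the markup and quotes through unchanged in each version; those are the ones that must never receive request input directly.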