Laravel e function (htmlentities) is not fully working, scripts can still be executed (only once)
Problem description
I am trying to use the e function in Laravel, which is equivalent to the htmlentities PHP function.
In my Form view and Controller I am trying to save a document that uses the e function, which looks like this:
Form view:
{{ Form::text('client_name') }}
Controller:
$client = new Client;
$client->client_name = e(Input::get('client_name'));
$client->save();
Say I wrote <script type="text/javascript">alert('gotcha!');</script> into the client_name field. I then save it to the database, but when it redirects after saving to the db, it runs this script once! Also, just to make sure that the e function was working correctly, I looked into my db and it is as expected:
"<script type="text/javascript">alert('gotcha!');</script>"
My question is: how can I avoid executing that JavaScript alert('gotcha')?
Or am I putting this e function or the htmlentities function in the wrong place?
Thanks!
Recommended answer
You are running e() at the wrong place. Escaping is best saved for output of data - not the input.
Your controller should do this:
$client = new Client;
$client->client_name = Input::get('client_name');
$client->save();
Your Form view is ok with the following - because Form "escapes" the data automatically
{{ Form::text('client_name') }}
But after you create the client and do the redirect - I bet somewhere you are doing this
{{ $client->client_name }}
You should change it to this
{{{ $client->client_name }}}
Note the third { } - which will automatically escape the data for you
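The difference between the question's approach (escape on input) and the answer's (escape on output) can be seen without Laravel at all. The following is an added example, not code from the question, the answer or the Laravel project; it uses plain PHP, and the function names render_name_unsafe(), render_name_escaped() and escape_on_input_then_output(), as well as the sample client name, are constructed for this demonstration. The e() behaviour it mirrors is Laravel 4's helper, which calls htmlentities($value, ENT_QUOTES, 'UTF-8', false).

```php
<?php
// Added example (not part of the original question or answer).
// Demonstrates why escaping belongs at output time, using plain PHP only.

// Constructed sample input: the raw value the question describes, stored as typed.
$storedClientName = '<script type="text/javascript">alert(\'gotcha!\');</script>';

// What the redirect page in the question effectively does: the value is echoed
// verbatim into HTML, so the browser parses the <script> tag and runs it.
function render_name_unsafe(string $name): string
{
    return '<p>Client: ' . $name . '</p>';
}

// What the answer's {{{ ... }}} does: escape at the point of output.
// ENT_QUOTES covers <, >, &, " and ', so the value cannot break out of text
// content or out of a quoted attribute; ENT_SUBSTITUTE keeps invalid UTF-8
// from silently turning the output into an empty string.
function render_name_escaped(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Client: ' . $safe . '</p>';
}

// What happens when the controller escapes on input (as in the question) and the
// view is later fixed to escape on output as well: the stored string is already
// entity-encoded, so the second pass double-encodes it and the user sees literal
// "&lt;" text instead of "<". This is the usual symptom of escaping too early.
function escape_on_input_then_output(string $name): string
{
    // Mirrors Laravel 4's e(): htmlentities with ENT_QUOTES, UTF-8, no double-encode.
    $storedEscaped = htmlentities($name, ENT_QUOTES, 'UTF-8', false);
    // The view now escapes again, this time with double-encoding on (the default).
    $safe = htmlspecialchars($storedEscaped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Client: ' . $safe . '</p>';
}

// Checks a rendered fragment for an unescaped script tag; used here as a simple
// sanity test for the three rendering strategies above.
function contains_raw_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach (['unsafe' => render_name_unsafe($storedClientName),
          'escaped' => render_name_escaped($storedClientName),
          'double' => escape_on_input_then_output($storedClientName)] as $label => $html) {
    printf("%-8s raw-script-tag=%s\n", $label, contains_raw_script_tag($html) ? 'yes' : 'no');
    echo $html, PHP_EOL;
}
```

Storing the raw value and escaping only when rendering also keeps the data reusable: the same client_name can later be emitted into JSON, a plain-text email or a CSV export with the encoder appropriate to that context, whereas a value that was HTML-encoded at input time is wrong everywhere except inside an HTML body. Note that the brace conventions in the answer are Laravel 4's; from Laravel 5 onwards {{ }} escapes by default and {!! !!} is the unescaped form, so the same review of every raw-output site still applies, just with different syntax.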