weixin_33739646 2014-12-24 10:59 Acceptance rate: 0%
Views: 29

Laravel Blade escaping with jQuery

In my Laravel 4 project users can submit textarea data. I know I can escape user data with {{{ }}} in my views, but what should I do if I get the data with AJAX? It is a jQuery variable, so I can't escape it with the brackets. For example, if I handle the response from AJAX like:

// value.notEscapedData is appended as raw HTML, with no escaping
$.each(response, function( key, value )
{
    $('#div').append('<div>'+value.notEscapedData+'</div>');
});

And the controller where the data comes from is, for example:

$response = Data::all();
return $response;

1 answer

  • weixin_33727510 2014-12-24 11:31

    You can either do it with JavaScript (and you will find plenty of solutions on the internet, e.g. the link @Thrustmaster posted in the comments) or you can do it in Laravel.

    When you use Blade's triple curly braces {{{ }}} it compiles to a call to e() (which then calls htmlentities).

    So you can use e('string-containing-html') to escape the string.

    You could use a model attribute accessor for the escaping, but I suppose you will need the string unescaped sometimes, so here are two other options:

    toArray()

    Override the toArray() method in your model

    public function toArray(){
        $array = parent::toArray();
        $array['attribute_name'] = e($array['attribute_name']);
        return $array;
    }
    

    This way, every time the model gets converted into an array (which is used for converting it into JSON), the property will be escaped.

    Loop over it in your controller

    $data = Data::all();
    $data->each(function($d){
        $d->attribute_name = e($d->attribute_name);
    });
    return Response::json($data);
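
The JavaScript route the answer mentions, as an added example that is not part of the original question or answer: the values are escaped on the client before they are concatenated into markup. The names `escapeHtml` and `renderItems` and the sample response are assumptions made for illustration.

```javascript
// Added example: helper names are hypothetical, sample data is constructed.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

// Escape the characters that are significant in HTML text and quoted attributes.
// null/undefined become an empty string; other values are stringified first.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup for the AJAX response with every value escaped.
function renderItems(response) {
  return response
    .map((item) => '<div>' + escapeHtml(item.notEscapedData) + '</div>')
    .join('');
}

// Constructed sample of what the controller's JSON might contain.
const sampleResponse = [
  { notEscapedData: 'plain text' },
  { notEscapedData: '<script>alert("x")</script>' },
  { notEscapedData: null }
];

const html = renderItems(sampleResponse);

// In the browser, with jQuery loaded:
//   $('#div').append(renderItems(response));
// or let jQuery build a text node, which needs no escaping helper:
//   $('#div').append($('<div>').text(value.notEscapedData));
```

Escape in one layer only: if the controller already applies e(), escaping again on the client shows literal entities such as `&lt;` to the user.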
    