0

Hey guys i am using tinymice , in my laravel admin panel that i have created, earlier this was just a textbox , so i would get content that looked like so:

I have a lovely garden in my house and i love it

Now with this richtextbox i get content stored in my table columb that looks like so:

<p>I Love Eggs and i&nbsp;Also Love to eat hame.</p>
<p>&nbsp;</p>
<p><strong>Yeah Danm ! hahah Thats funny.</strong></p>

I have the following code running in my view file:

@foreach($recentPost as $recent)

    <div class="col-md-6">
        <div class="indi-news-highlight-box">
            <a href="{!!  route('getArticle' , ['id' => $recent->id ]) !!}">
                <img src="{{ URL::asset('images/temp/blog-post-image.jpg') }}" alt="{!!  $recent->title  !!}">
            </a>
            <div class="content-box">
                <h3>
                    <a href="{!!  route('getArticle' , ['id' => $recent->id ]) !!}">
                        {{  $recent->title }}
                    </a>
                </h3>
                <p>
                    {{ $recent->blog_content }}
                </p>
            </div>      
        </div>
    </div>   <!-- End col-md-6 -->

@endForEach

The below part outputs the description which was grabbed from richtextbox:

<p>{{ $recent->blog_content }}</p>

Now i get the following in my frontEnd:

enter image description here

As you can see the HTML tags are output in the view itself , how do i prevent this ?? How do i prevent the HTML from outputting in my view ??.

I don't want remove the html tags LIKE HERE , I want to keep them , so i can do the styling in CSS , but i don't want the html tags displaying in my frontEnd , what is the solution to this ??

Improve this question
0

2 Answers 2

Reset to default
2

Display it as unescaped data link to Laravel docs

Blade is preventing XSS for you, but using the following syntax you can tell it not to do XSS prevention.

<p>{!! $recent->blog_content !!}</p>
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thanks , will accept your answer ! :) that was easy :D .
Note that this is pretty bad practice, since anyone who can access your rich text editor can now execute JavaScript.
@Loek got it !! thanks :) , its a controlled environment , only i operate the admin panel :P , will give it a taught later , thanks for the heads up !!
0

Change the syntax 

    {{}}

to 

    {!! !!}

that is to say 

    {!! $recent->blog_content !!}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.