According to this:
Is this Blade sanitation working correctly (double vs triple curly braces)?
Double curly brackets is unfiltered and Triple curly brackets is escaped with the e() method.
But when I tried it I found that:
{{ '<script>console.log("hello")</script>' }}
outputs the same as:
{{{ '<script>console.log("hello")</script>' }}}
In other words, both were sanitised.
So what's the difference??? Is this something to do with an update to Laravel 5 vs Laravel 4?
from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/1IBatvn
via IFTTT
Aucun commentaire:
Enregistrer un commentaire