php laravel xss

Laravel safe way to output text with line breaks


When I insert data I don't sanitize the text in any way, I just do small things such as making the first letter capital and stripping line breaks when there are more than two in a row.

So if I now output the text using:

{{ $text }}

I am safe since this way Laravel strips any dangerous data/tags to prevent XSS. But the problem now is that I don't have any line breaks in the text.

So now I tried this:

{!! nl2br(e($text))!!}

This seems to work, I keep my line breaks and things like <script>alert('xss');</script> get output as normal text. But is this the proper way to output text safely in Laravel while keeping line breaks?


Solution

  • Yes, that's the correct way to achieve this.

    {{ $text }} is equivalent to {!! e($text) !!}.
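
An added example (not part of the original question or answer) showing why the order of the two calls matters. `escape_html()` is a hypothetical stand-in for Laravel's `e()` so the script runs in plain PHP; it assumes the same `htmlspecialchars()` flags and handles plain strings only, and the sample text is constructed.

```php
<?php
// Stand-in for Laravel's e() helper (assumption: same flags and charset),
// so this script runs without the framework.
function escape_html(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape first, then convert newlines. The only markup left in the result
// is the <br /> that nl2br() itself inserts.
function render_multiline(?string $text): string
{
    return nl2br(escape_html($text));
}

// Constructed sample: two lines, the second one is the payload from the question.
$text = "First line\n<script>alert('xss');</script>";

$variants = [
    // What {!! nl2br(e($text)) !!} emits: escaped text, real line breaks.
    'escape, then nl2br' => render_multiline($text),
    // Reversed order: still escaped, but the <br /> tags are escaped too
    // and show up as literal text instead of line breaks.
    'nl2br, then escape' => escape_html(nl2br($text)),
    // What {!! nl2br($text) !!} would emit: the script tag survives.
    'nl2br only'         => nl2br($text),
];

foreach ($variants as $label => $html) {
    $hasScriptTag = stripos($html, '<script') !== false;
    $hasLineBreak = strpos($html, '<br />') !== false;
    printf(
        "%-20s raw <script>: %-3s  working <br />: %-3s\n%s\n\n",
        $label,
        $hasScriptTag ? 'yes' : 'no',
        $hasLineBreak ? 'yes' : 'no',
        $html
    );
}
```

Only the first variant has both properties wanted here: no raw `<script>` tag in the output and working `<br />` line breaks.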