Support the ongoing development of Laravel.io →
imchivaa
posted 11 years ago
Security Input

I know that laravel's e() function will sanitize any input passed it ex : e($Input); , this will sanitize whatever the $Input string is.

Now how can i whitelisting some html entities with e() function in laravel 4? Is that possible?

Let's say i want to whitelist the <img> tag so everything will be filtered except the <img> tag.

Thanks.

Last updated 3 years ago.
0
barryvdh
replied 11 years ago
Solution

You can't. If you want to allow html, use http://www.php.net/strip_tags

Last updated 3 years ago.
0
imchivaa
replied 11 years ago

I understand that using strip_tags will allow me to pass in second parameter so i can whitelisting some html entities but will it by default (without passing any whitelisting parameter) sanitize everything just like e() ?

Last updated 3 years ago.
0
barryvdh
replied 11 years ago

Strip_tags strips the tags, htmlentities converts the html tags, so you can read the tags, but they aren't parsed as HTML. So they are not the same.

Last updated 3 years ago.
0

Sign in to participate in this thread!

PHPverse

Your banner here too?

imchivaa imchivaa Joined 19 Mar 2014

Moderators

We'd like to thank these amazing companies for supporting us

PhpStorm NativePHP
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise