Well, in that example you have triple { and }. I'm getting confused about what your output is exactly. Maybe you can be more specific?
@araceus2000 I'm outputting just a DB query, nothing more than that, but if someone puts <script>alert();</script> I can escape it with {{{, right? And this works fine in my local environment, but when I use this code on the production side, it triggers this JavaScript alert() function.
I'm still confused.
Okay, the thing is, are you showing the query on screen? And only want to show it in some cases?
I don't know if this is going to help you, but I use this when I make a return and want to run a different function when the page is ready. Maybe you can use it or change the if for other cases when you want to use the alert.
@if(Session::has('return'))
<script>
$(function() {
{{Session::get('return')}}
});
</script>
@endif
I think the question being asked is simply: {{{}}} is working locally for escaping user-submitted content when echoing to the screen, but it isn't working when pushed to development. So a malicious <script></script> tag submitted by a user still bears the HTML tags even when {{{}}} is used to echo the content back.
As for an answer... Sorry!
Yes @opb, and the problem is solved. I don't know how, but it just worked after a few hours of struggle.