-
Notifications
You must be signed in to change notification settings - Fork 11.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[5.1] Fix for issue #10068 #10464
[5.1] Fix for issue #10068 #10464
Conversation
Please squash to one commit. |
Also, the email address you used on git needs adding to your GitHub so the commits get associated with you. |
It's probably safer to assume e is a function that was defined before, and is not guaranteed to be the one we see above us in the code. Fixing PSR StyleCI fix IDE put spaces there, and there shouldn't be any
Alright, think I squashed it and linked my account correctly. |
Can you add tests that should fail without your fix? |
I agree I would like to see a test or two that fails without the fix. |
I'm not sure where I would put an overall test for this fix, as my implementation changes the BladeCompiler. The full test won't show a fix until the Factory processes the compiled output and no longer sees '@parent'. I'm not sure where to write a single test that covers that process, so I wrote a couple tests for the various steps of it. I'm open to any input on where to write a full test for this. |
I think |
btw, to reduce verbosity, maybe it's time to replace |
I think that @vlakoff I think that use full php tag is better. Else, should be need replace it in all Laravel. |
|
Yeah I wouldn't call this |
Moving be() to BladeCompiler::escapeEntities();
I like pulling it out into the static function rather than have it be user land global. It makes more sense here, since it's specific functionality related to an internal tool. Thanks for the PR, @rentalhost! I can squash these down again if this is a solution that might be accepted. |
Shouldn't this be implemented in 5.2? |
I agree this belongs on 5.2, if at all. |
|
|
Exactly. In this case, I suggests make more tests avoiding 'hacks'. Maybe it causes more problem that solve others. |
👎 for ths. |
We need to just fix the actual issue instead of a workaround that's a bit dodgie. |
This merge fixes the issue (#10068) by adding a blade-specific version of the e() htmlentities shortcut. If we are echoing content in a blade file, we should likely be escaping any '@' characters we are echoing, as that character has special meaning to the Blade Interpreter. This change adds a blade escape helper function that replaces '@' with '@' - the htmlentities version of the character when it is inside of blade echo tags.
There is likely a more Blade-centric way to do this, but as the issue has existed for a while now I figured I would at least submit a fairly straightforward fix for this.