11 Replies - 877 Views - Last Post: 25 April 2020 - 12:17 PM Rate Topic: -----

#1 justawebuser   User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 83
  • Joined: 09-February 14

The oparetor {{ }} generates escaped HTML

Posted 19 April 2020 - 01:44 AM

I have a method which returns a token and captcha HTML:

 public static function gen_form_token($has_captcha=false){
             ob_start();
             ?>
                <input type="hidden" name="_token" value="<?= csrf_token(); ?>">
                <?php if($has_captcha){ ?>
                <label for="captcha" dir='rtl'> جمع اعداد را وارد نمایید </label>
                <p> <?= \Captcha::img("math") ?> </p>
                <input type="text" name="captcha">
                <?php } ?>
    
    
             <?php
             return ob_get_clean();
    
         }

I call it like the following in a .blade.php file

{{ jet::gen_form_token(true) }}


It works but returns some escaped HTML. So HTML is shown instead of being interpreted.
While the following works fine and shows captcha

 <?= jet::gen_form_token(true) ?>


So what's the problem?

Is This A Good Question/Topic? 0
  • +

Replies To: The oparetor {{ }} generates escaped HTML

#2 justawebuser   User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 83
  • Joined: 09-February 14

Re: The oparetor {{ }} generates escaped HTML

Posted 19 April 2020 - 01:51 AM

Sorry, It solved ASA I published it.I should use {!!!!} and I'm wondering why !! is not needed when I use {{csrf_field()}} . Anyway, thank you. I couldn't delete my question.

This post has been edited by justawebuser: 19 April 2020 - 01:52 AM

Was This Post Helpful? 0
  • +
  • -

#3 Splashsky   User is offline

  • D.I.C Addict
  • member icon

Reputation: 9
  • View blog
  • Posts: 565
  • Joined: 25-August 13

Re: The oparetor {{ }} generates escaped HTML

Posted 19 April 2020 - 06:36 AM

Please, for the love of Laravel don't use the ob_ functions - this is all handled by Laravel natively so you're writing additional unnecessary overhead. You also should be using a Blade Component for this functionality as well. If you make this function into a proper Component, you can use it in all your forms like so...
<x-form-token :captcha="true" />



I highly recommend reading about Components in the documentation.

Also, please don't inject the CSRF token field like you're doing here - the @csrf directive should be used in the Blade file inside the form you're making.
Was This Post Helpful? 1
  • +
  • -

#4 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3837
  • View blog
  • Posts: 13,994
  • Joined: 08-August 08

Re: The oparetor {{ }} generates escaped HTML

Posted 19 April 2020 - 10:30 AM

One clue that you're doing something wrong is that you've got html in a class method. A function named gen_form_token should return a token. Nothing more.
Was This Post Helpful? 2
  • +
  • -

#5 Splashsky   User is offline

  • D.I.C Addict
  • member icon

Reputation: 9
  • View blog
  • Posts: 565
  • Joined: 25-August 13

Re: The oparetor {{ }} generates escaped HTML

Posted 19 April 2020 - 10:34 AM

View PostCTphpnwb, on 19 April 2020 - 10:30 AM, said:

One clue that you're doing something wrong is that you've got html in a class method. A function named gen_form_token should return a token. Nothing more.

This as well.

But further, you need to understand how Blade works - you can have a captcha Component you include wherever necessary, and then pull in the CSRF token by the @csrf directive. You don't need this function or a fix for what your problem was, you need to understand how Blade itself works.

If you're really interested in using Laravel long term, Laracasts and specifically their From Scratch series are the best sources for learning Laravel in a non-boring way.

Please, please do yourself a favor and learn the framework you're working with.

P.S. the From Scratch series mentioned is free - you don't need to pay for membership to watch the whole series.

This post has been edited by Splashsky: 19 April 2020 - 10:35 AM

Was This Post Helpful? 1
  • +
  • -

#6 justawebuser   User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 83
  • Joined: 09-February 14

Re: The oparetor {{ }} generates escaped HTML

Posted 19 April 2020 - 08:27 PM

Dear @Splashsky Thank you, I have moved my whole project to Laravel there are only two important pages left which today I will make them work, Running and working without errors is my only concern at the moment because I want to get rid of updating the old project. Then I will start refactoring and learn the right ways of doing things in Laravel. Thank you, bro.
Was This Post Helpful? 0
  • +
  • -

#7 Splashsky   User is offline

  • D.I.C Addict
  • member icon

Reputation: 9
  • View blog
  • Posts: 565
  • Joined: 25-August 13

Re: The oparetor {{ }} generates escaped HTML

Posted 20 April 2020 - 05:30 AM

View Postjustawebuser, on 19 April 2020 - 08:27 PM, said:

Dear @Splashsky Thank you, I have moved my whole project to Laravel there are only two important pages left which today I will make them work, Running and working without errors is my only concern at the moment because I want to get rid of updating the old project. Then I will start refactoring and learn the right ways of doing things in Laravel. Thank you, bro.

Understandable, my dude! I didn't mean to come off as aggressive if I did, I'm just passionate about Laravel. I wish you the best of luck in making an awesome project with the framework. :)
Was This Post Helpful? 1
  • +
  • -

#8 justawebuser   User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 83
  • Joined: 09-February 14

Re: The oparetor {{ }} generates escaped HTML

Posted 25 April 2020 - 01:34 AM

I'm Back Splashsky :)

Thank You for your passionate about Laravel :)

I have made this anonymous component :

@props(['captcha' => false])

{{ csrf_field() }}

@if($captcha)

<label for="captcha" dir='rtl'> جمع اعداد را وارد نمایید </label>
<p> {{\Captcha::img("math")}}   </p>
<input type="text" name="captcha">

@endif



And I use it like you said
<x-form-token :captcha=true />


But the result is escaped HTML.
How can I disable escaping for components?

Thanks in advance
Was This Post Helpful? 0
  • +
  • -

#9 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3837
  • View blog
  • Posts: 13,994
  • Joined: 08-August 08

Re: The oparetor {{ }} generates escaped HTML

Posted 25 April 2020 - 07:17 AM

https://captcha.com/...el-captcha.html
uses
  {!! captcha_image_html('ExampleCaptcha') !!}

and
https://www.itsoluti...l-5example.html
uses
{!! captcha_img() !!}

Was This Post Helpful? 1
  • +
  • -

#10 Splashsky   User is offline

  • D.I.C Addict
  • member icon

Reputation: 9
  • View blog
  • Posts: 565
  • Joined: 25-August 13

Re: The oparetor {{ }} generates escaped HTML

Posted 25 April 2020 - 07:40 AM

While CTphpnwb is right, you should be instantiating the captcha link and all that jazz in the constructor of your component. e.g. $this->captchaImage = \Captcha::img("math");, then replace {{ \Captcha::img("math") }} with {{ $captchaImage }}. The idea is that your template should do as little processing as possible - data should be fed to the view through the proper channels. In the case of a component, this is via the component's constructor.
Was This Post Helpful? 2
  • +
  • -

#11 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3837
  • View blog
  • Posts: 13,994
  • Joined: 08-August 08

Re: The oparetor {{ }} generates escaped HTML

Posted 25 April 2020 - 12:11 PM

To expand on what Splashsky is saying, your controller should do little more than call methods from various services and send information to the view, which should generate the html. By the time the view is called, the business logic should be done.

This post has been edited by CTphpnwb: 25 April 2020 - 12:11 PM

Was This Post Helpful? 0
  • +
  • -

#12 Splashsky   User is offline

  • D.I.C Addict
  • member icon

Reputation: 9
  • View blog
  • Posts: 565
  • Joined: 25-August 13

Re: The oparetor {{ }} generates escaped HTML

Posted 25 April 2020 - 12:17 PM

Completely right - the Controller should do all the business-level logic. However, in a Laravel application with Components, Components should be responsible for their own logic - thus why I specified the captcha logic of this component should be in the Component's respective class.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1