转义刀片中的所有html
[英]Escaping all html in a blade
问题描述
I want to send different branded emails. 
我想发送不同品牌的电子邮件。 I'm storing the email HTML in the DB because I have an email builder that you just upload an email template made from sendgrid ect and I am passing it to the view blade and escaping all of it. 我将电子邮件HTML存储在数据库中,因为我有一个电子邮件构建器,您只需上载由sendgrid ect制作的电子邮件模板,然后将其传递给视图刀片并对其进行转义。 {!!$allhtmlcontent!!} But then the variables withing the HTML are escaped too and come out like {{$variable}} is there any way to render the blade twice once to pass the HTML with the variables then to pass all the variables in then as well. {!!$allhtmlcontent!!}但是{!!$allhtmlcontent!!} HTML的变量也被转义,并且像{{$variable}}一样出来,有什么方法可以将刀片两次渲染一次,以将HTML和变量一起传递,然后传递所有变量也是如此。
I already tried formatting into a string and looking for the variables in the string and pass the whole html string into the blade then. 我已经尝试过格式化为字符串并在字符串中寻找变量,然后将整个html字符串传递到刀片中。
$emailBlade = CentreEmailTemplate::where('centre_id', $tenant->centre_id)->where('email_template_type_id', 2)->get(); //getting html content
$html = View('emails.Login.LoginDynamic',['html'=>$emailBlade[0]->html_template]); // passing the html content into the blade
$view = $html->render([ // i know this doesnt work :( just demo
'mgrName' => $tenant->name,
'fileUrl' => $fileUrl,
'messageTotal' => $messageTotal,
'isMessageGreater' => $isGreater->message,
'visitorTotal' => $visitorTotal,
'isVisitorGreater' => $isGreater->visitor, //variables that need passed into the html content
'dwellTotal' => $dwellTotal,
'isDwellGreater' => $isGreater->dwell,
'conTotal' => $conTotal,
'isConGreater' => $isGreater->con,
'conRateTotal' => $conRateAvg,
'isConRateGreater' => $isGreater->conRate
]);
just outputs the actual variable name instead of the value. 只输出实际的变量名而不是值。
Thanks in Advance.. 提前致谢..
1 个解决方案
解决方案1
1 已采纳 2019-07-25 16:10:49
One possible solution that I can think of: 我想到的一种可能的解决方案:
$emailBlade = CentreEmailTemplate::where('centre_id', $tenant->centre_id)->where('email_template_type_id', 2)->get()[0]->html_template; //getting html content
$variables = ['{{$mgrName}}' , '{{$fileUrl}}']; //lets say you have two variables
$values = [$tenant->name , $fileUrl];
$email = str_replace($variables , $values , $emailBlade); //now variables are replaced with their values.
Then, in your 'emails.Login.LoginDynami' blade file: 然后,在您的'emails.Login.LoginDynami'刀片文件中:
{!! $email !!}
I think what mentioned above is best solution. 我认为上述是最佳解决方案。 However as you mentioned that you are already tried this. 但是,正如您提到的那样,您已经尝试过了。 I can suggest another solution: 我可以建议另一个解决方案:
Another possible solution is the use of eval() . 另一种可能的解决方案是使用eval() 。 eval() will evaluate the string as PHP. eval()将字符串评估为PHP。 To use eval() you should first compile the blade string to PHP. 要使用eval()您应该首先将刀片字符串编译为PHP。 which means the {{$variable}} should become something like <?php echo $variable ?> . 这意味着{{$$ variable}}应该类似于<?php echo $variable ?> 。 to do that you can use Blade::compileString($emailBlade) . 为此,您可以使用Blade::compileString($emailBlade) 。 Then you use eval. 然后,您使用eval。
However you should be careful about eval. 但是,您应谨慎评估。 Because you are allowing arbitrary PHP code execution. 因为您允许执行任意PHP代码。 Therefore if any of the variables are provided by user you should sanitize them. 因此,如果用户提供了任何变量,则应清除它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.