In the latest episode of the No Compromises podcast, we dig into Laravel's Stringable class and uncover how it can silently skip Blade’s automatic HTML escaping. This is both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll learn practical ways to keep your views safe without losing the API's fluency.
- 00:00 Stringable can sidestep Blade escaping
- 03:45 Dangers of outputting un-sanitized HTML
- 05:45 Defensive strategies for safe rendering
- 08:45 Silly bit
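The mechanism behind the first segment, and one of the defensive strategies from the third, as an added example that is not from the podcast or the newsletter: `Illuminate\Support\Stringable` implements the `Htmlable` contract, and Blade's `{{ }}` compiles to a call to `e()`, which returns `toHtml()` unescaped for any `Htmlable` value. The script assumes `illuminate/support` (Laravel 9 or later) is installed through Composer; the untrusted input string is constructed for the demonstration.

```php
<?php
// Added example (not the podcast's or Laravel's own code). Assumes the
// illuminate/support package is available via Composer autoload.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Support\Str;
use Illuminate\Support\Stringable;
use Illuminate\Contracts\Support\Htmlable;

// Constructed stand-in for attacker-controlled input, e.g. a profile field.
$untrusted = '  <i>from the user</i>  ';

// A typical fluent chain; the result is still a Stringable, not a string.
$fluent = Str::of($untrusted)->trim();

// Stringable is Htmlable, so Blade's {{ $fluent }} (which calls e())
// treats it as pre-rendered markup and emits toHtml() without escaping.
// The tags inside $untrusted therefore reach the browser intact.
var_dump($fluent instanceof Htmlable);
echo e($fluent), PHP_EOL;

/**
 * Defensive helper: terminate the fluent chain so the view receives a plain
 * PHP string, which e() escapes with htmlspecialchars like any other string.
 * Hypothetical name chosen for this example.
 */
function plainForView(Stringable $value): string
{
    // (string) $value or $value->value() behave the same way here.
    return $value->toString();
}

// Same content, now escaped when it passes through {{ }} / e().
echo e(plainForView($fluent)), PHP_EOL;
```

The general rule the helper encodes: treat a `Stringable` that still wraps user input as unsafe for `{{ }}` until it has been cast back to `string`; do the cast in the controller or view model rather than relying on every template author to remember it.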
And after listening, don't forget to subscribe to the podcast, so you don't miss future episodes.
Here to help,
Joel
P.S. Did you know we collect the tips from this newsletter and publish them as a quarterly volume for easier reference?