Roots Discourse

Blade return html from acf - is it safe?

Hi,

I have a project where I use ACF blocks. Some text fields (description, links) I return with unescaped data. For that I use {!! !!}, one curly brace and exclamation marks. Everything works, but right now I am wondering: is it safe? The Laravel documentation recommends using double curly braces to prevent XSS. But if I don't use any forms and just text will be displayed, will it be safe? I decided to return the text block as HTML because that will make it easier for my client to change h1, h2, h3 tags or add new links in the text.
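
An added example, not part of the original post: with `{!! !!}` Blade prints the stored field value as-is, so whatever HTML sits in the ACF field reaches the browser, form or no form. One way to keep the headings and links the client needs while filtering everything else is an allowlist pass through WordPress's `wp_kses()` before the raw echo. It assumes a WordPress theme with ACF active; the helper name `theme_clean_block_html` and the field names `title` and `description` are hypothetical.

```php
<?php
// Added example: meant to live in a WordPress theme with ACF active (assumption).
// The helper name and the field names 'title' / 'description' are hypothetical.

/**
 * Reduce editor-supplied HTML to the tags the client needs
 * before it is printed with Blade's raw echo.
 */
function theme_clean_block_html(?string $html): string
{
    // Allowlist: headings, basic text formatting, lists and links only.
    $allowed = [
        'h1' => [], 'h2' => [], 'h3' => [],
        'p' => [], 'br' => [], 'strong' => [], 'em' => [],
        'ul' => [], 'ol' => [], 'li' => [],
        'a' => ['href' => true, 'title' => true, 'target' => true, 'rel' => true],
    ];

    // wp_kses() drops every tag and attribute not listed above
    // (script, iframe, onclick, style, ...) and rejects URL schemes
    // outside WordPress's allowed protocols, such as javascript:.
    return wp_kses((string) $html, $allowed);
}

// In the block's Blade view:
//
//   {{-- Plain text field: Blade escapes it with htmlspecialchars() --}}
//   <h2>{{ get_field('title') }}</h2>
//
//   {{-- HTML field: raw echo, but only after the allowlist filter --}}
//   {!! theme_clean_block_html(get_field('description')) !!}
```

If the field should accept everything the post editor accepts, `wp_kses_post()` applies WordPress's built-in post-content allowlist instead of the custom one above.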
