Roots Discourse

Blade return html from acf - is it safe?


I have a project where I use ACF blocks. Some text fields I will return with unescaped data: descriptions, links. For that I use `{!! !!}`, one curly brace and exclamation marks. Everything works, but right now I am thinking: is it safe? The Laravel documentation recommends using double curly braces to prevent XSS. But what if I don't use any forms and just text will be displayed? Will it be safe? I decided to return the text block as HTML because that will make it easier for my client to change h1, h2, h3 tags or add some new links in the text.
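
The difference between the two Blade echo forms, with one way to keep heading and link editing for the client while filtering everything else, as an added example that is not part of the original post. It assumes the code runs inside WordPress (`wp_kses` is a WordPress core function); the function name `block_rich_text`, the variable `$description` and the sample value are hypothetical.

```php
<?php
// Added example; assumes WordPress is loaded so that wp_kses() is available.
// block_rich_text() and the sample field value are hypothetical.

/**
 * Reduce editor-supplied HTML to the markup the client needs:
 * h1-h3 headings, paragraphs, line breaks, basic emphasis and links.
 * Any other tag or attribute is removed.
 */
function block_rich_text(string $html): string
{
    $allowed_tags = [
        'h1'     => [],
        'h2'     => [],
        'h3'     => [],
        'p'      => [],
        'br'     => [],
        'strong' => [],
        'em'     => [],
        'a'      => ['href' => true, 'title' => true, 'target' => true, 'rel' => true],
    ];

    // Only these URL schemes are kept in href values, so a javascript: URL is stripped.
    $allowed_protocols = ['http', 'https', 'mailto'];

    return wp_kses($html, $allowed_tags, $allowed_protocols);
}

// Constructed sample of a value that could be saved in the field by anyone
// who can edit the block.
$description = '<h2 onclick="alert(1)">Title</h2>'
    . '<a href="javascript:alert(1)">link</a>'
    . '<script>alert(1)</script>';

// The heading and the link element survive; the event handler, the
// javascript: URL and the script tag do not.
echo block_rich_text($description);

// In the Blade view, the three ways to print the same field:
//   {{ $description }}                      escaped: tags appear as literal text
//   {!! $description !!}                    raw: whatever is stored is rendered
//   {!! block_rich_text($description) !!}   raw echo of the filtered markup
```

Whether the page has forms does not change what `{!! !!}` does: the stored field value is what gets rendered, so the relevant question is who can edit that field.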