Laravel blade decode HTML Special Characters

If I have a post title like this: My new post - chapter 1

{{ get_the_title() }} returns My new post – chapter 1

Does anyone have a solution for this issue, instead of changing to {!! get_the_title() !!}?

Have you tried using {!! get_the_title() !!}?

1 Like

Yes, it worked. But how about security?

1 Like

As the Blade docs state, {!! !!} displays unescaped data, so you are theoretically more vulnerable to an XSS attack. If that makes you uncomfortable, you have a few options:

  • Don’t allow users to enter the data returned by get_the_title()
  • Process that data before it is displayed in a way that allows you to feel satisfied that you have addressed your XSS attack vulnerability
  • Do not use characters that need to be escaped in the data returned by get_the_title()

3 Likes

Thanks @alwaysblank. I believe that the second option is the better one.

A possible solution:

// Decode HTML entities in the title so that Blade's {{ }}
// does not encode them a second time.
add_filter('the_title', function($title, $id = null){
    return html_entity_decode($title);
});
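
The trade-off discussed in this thread, as an added example that is not code from any of the posters: plain PHP in which `blade_escaped()` stands in for `{{ }}` (Laravel's `e()` helper is `htmlspecialchars()` with double encoding on) and `blade_raw()` stands in for `{!! !!}`. The function names and the sample titles are constructed for illustration.

```php
<?php
// Stand-in for Blade's {{ }}: Laravel's e() helper calls
// htmlspecialchars() with double encoding enabled.
function blade_escaped(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
}

// Stand-in for Blade's {!! !!}: the value is printed exactly as given.
function blade_raw(string $value): string
{
    return $value;
}

// Hypothetical helper doing what the the_title filter above does:
// decode entities once so that {{ }} can escape the plain text once.
function decode_title(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample titles, already entity-encoded as they would
// arrive from get_the_title().
$titles = [
    'typographic dash' => 'My new post &#8211; chapter 1',
    'user-supplied markup' => 'Hello &lt;script&gt;alert(1)&lt;/script&gt;',
];

foreach ($titles as $label => $stored) {
    $decoded = decode_title($stored);

    echo "== {$label} ==\n";
    // Entity is encoded twice: the browser shows the literal "&#8211;".
    echo "{{ }}   on stored title : " . blade_escaped($stored) . "\n";
    // Displays correctly, but nothing is escaped at output time.
    echo "{!! !!} on stored title : " . blade_raw($stored) . "\n";
    // Displays correctly and markup stays inert: escaped exactly once.
    echo "{{ }}   on decoded title: " . blade_escaped($decoded) . "\n";
    // Decoded markup reaches the page as live HTML.
    echo "{!! !!} on decoded title: " . blade_raw($decoded) . "\n\n";
}
```

Decoding the title is safe only while the result still passes through `{{ }}`; if a template prints the decoded title with `{!! !!}`, stored `&lt;script&gt;` becomes a live `<script>` tag.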