If I have a post title like this: My new post - chapter 1
{{ get_the_title() }} return My new post – chapter 1
Does anyone have a solution for this issue, instead change to {!! get_the_title() !!}?
Have you tried using {!! get_the_title() !!}?
1 Like
Yes, it’s worked. But how about security?
1 Like
As the Blade docs state {!! !!} displays unescaped data, so you are theoretically more vulnerable to a XSS attack. If that makes you uncomfortable, you have a few options:
- Don’t allow users to enter the data returned by
get_the_title() - Processes that data before it is displayed in a way that allows you to feel satisfied that you have addressed your XSS attack vulnerabilty
- Do not use characters that need to be escaped in the data returned by
get_the_title()
3 Likes
Thanks @alwaysblank. I believe that the second option is the better.
A possible solution:
add_filter('the_title', function($title, $id = null){
return html_entity_decode($title);
});