Understanding how Stringable works inside Blade views

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/9c/42/96/9c429693-a57f-0804-772a-302e453cc9c8/mza_16982737108441617533.jpg/600x600bb.jpg

No Compromises

Joel Clermont and Aaron Saray

139 episodes

1 day ago

Two seasoned salty programming veterans talk best practices based on years of working with Laravel SaaS teams.

Technology

RSS

All content for No Compromises is the property of Joel Clermont and Aaron Saray and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Two seasoned salty programming veterans talk best practices based on years of working with Laravel SaaS teams.

Technology

Understanding how Stringable works inside Blade views

No Compromises

10 minutes

5 months ago

Understanding how Stringable works inside Blade views

Joel and Aaron dig into Laravel’s `Stringable` class and uncover how it can silently skip Blade’s automatic HTML escaping. They explain why that’s both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll hear practical ways to keep your views safe without losing the API’s fluency.

(00:00) - Stringable can sidestep Blade escaping
(03:45) - Dangers of outputting unsanitized HTML
(05:45) - Defensive strategies for safe rendering
(08:45) - Silly bit