No Compromises

Understanding how Stringable works inside Blade views

Listen Later

Joel and Aaron dig into Laravel’s `Stringable` class and uncover how it can silently skip Blade’s automatic HTML escaping. They explain why that’s both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll hear practical ways to keep your views safe without losing the API’s fluency.

  • (00:00) - Stringable can sidestep Blade escaping
  • (03:45) - Dangers of outputting unsanitized HTML
  • (05:45) - Defensive strategies for safe rendering
  • (08:45) - Silly bit

    • Sign up for a short, but useful, Laravel tip each day in our newsletter
    ...more
    View all episodesView all episodes
    Download on the App Store
    No CompromisesBy Joel Clermont and Aaron Saray
    • 4.9
    • 4.9
    • 4.9
    • 4.9
    • 4.9

    4.9

    8 ratings

    More shows like No Compromises

    View all
    The Laravel Podcast by Matt Stauffer

    The Laravel Podcast

    58 Listeners

    Startups For the Rest of Us by Rob Walling

    Startups For the Rest of Us

    701 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,077 Listeners

    Notes On Work - by Caleb Porzio by Caleb Porzio

    Notes On Work - by Caleb Porzio

    18 Listeners

    The Stack Overflow Podcast by The Stack Overflow Podcast

    The Stack Overflow Podcast

    63 Listeners

    The Bootstrapped Founder by Arvid Kahl

    The Bootstrapped Founder

    35 Listeners

    All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

    All-In with Chamath, Jason, Sacks & Friedberg

    10,254 Listeners

    Hard Fork by The New York Times

    Hard Fork

    5,576 Listeners

    Mostly Technical by Ian Landsman and Aaron Francis

    Mostly Technical

    27 Listeners