
Episode 127
Understanding how Stringable works inside Blade views
No Compromises · Joel Clermont and Aaron Saray
May 24, 2025 · 10m 58s
Show Notes
Joel and Aaron dig into Laravel’s `Stringable` class and uncover how it can silently skip Blade’s automatic HTML escaping. They explain why that’s both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll hear practical ways to keep your views safe without losing the API’s fluency.
- (00:00) - Stringable can sidestep Blade escaping
- (03:45) - Dangers of outputting unsanitized HTML
- (05:45) - Defensive strategies for safe rendering
- (08:45) - Silly bit
Sign up for a short but useful Laravel tip each day in our newsletter.
Topics
Laravel, PHP