Question

您好我是laravel的新手，我尝试将HTML添加到<h6>字段，如下图所示。

它会像这样显示在页面源中

我的问题是为什么它不能在浏览器中呈现？ Laravel在这里做了什么？

我的刀片代码：

   @extends('layouts')

<div class="row">
    <div class='col-md-6 offset-md-3'   >
    @section('content')
    <h1>{{$card->title}}</h1>

    {{$card->created_at}}


    <br>
    <ul class="list-group">
    @foreach($card->notes as $note)

    <li class="list-group-item">
        <h6>{{$note->body}}</h6> <button class="btn btn-info btn-sm" onclick="togglediv('divform{{$note->id}}')" >Edit</button>

        <div class="col-md-6 offset-md-3" id="divform{{$note->id}}" style="display: none;">
    <hr>
<form action="/notes/{{$note->id}}/edit" method="POST">
  {{ csrf_field() }}
  {{ method_field('PATCH') }}
  <div class="form-group">
    <label for="exampleInputPassword1"><h6>Edit the note</h6></label>
    <input type="text-area" name="body" class="form-control" id="body" placeholder="{{$note->body}}">
  </div>


  <button type="submit" class="btn btn-success btn-sm">Done</button>
</form>
</div>


    </li>


    @endforeach


<script type="text/javascript">function togglediv(id) {
    var div = document.getElementById(id);
    div.style.display = div.style.display == "none" ? "block" : "none";
}</script>






    </ul>
</div>
</div>
@endsection

@section('footer')

<br>
<div class="col-md-6 offset-md-3">
    <hr>
<form action="/cards/{{$card->id}}/notes" method="POST">
  {{ csrf_field() }}
  <div class="form-group">
    <label for="exampleInputPassword1"><h3>Add a new note</h3></label>
    <input type="text-area" name="body" class="form-control" id="body" placeholder="Body">
  </div>


  <button type="submit" class="btn btn-primary">Add Note</button>
</form>
</div>
@endsection

Answer 1

如果您不希望使用以下语法输出html

，则转义您的html

  {!!$note->body!!}

更多info

Laravel如何保护自己免受html注入？

1 个答案: