图1
1、现有代码实现如下
"url": "{{ json_encode($item['url_object']) }}",
2、最终生成的 JSON 数据结构如下:
"url": "{"ID":18,"title":"summer","object":"product_cat","object_id":18,"children":[],"url":"/collections/summer","key":3991}",
3、Blade {{ }} 语句是自动经过 PHP 的 htmlspecialchars 函数传递来防范 XSS 攻击的。因此,需要 {!! !!},防止将 ” (双引号) 转换为 HTML 实体。
"url": "{!! htmlspecialchars(json_encode($item['url_object']), ENT_NOQUOTES | ENT_HTML401) !!}",
4、但是,生成的 JSON 结构错误。原因在于 url 的值未转义。如图1
{
"image": "",
"mobile_image": "",
"url": "{"ID":18,"title":"summer","object":"product_cat","object_id":18,"children":[],"url":"\/collections\/summer","key":3991}",
"title": "summer"
}
5、使用addcslashes — 以 C 语言风格使用反斜线转义字符串中的字符。
"url": "{!! htmlspecialchars(addcslashes(json_encode($item['url_object']), "\f\n\r\t\\\""), ENT_NOQUOTES | ENT_HTML401) !!}",
6、生成的 JSON 结构正确。如图2
{
"url": "{\"ID\":18,\"title\":\"summer\",\"object\":\"product_cat\",\"object_id\":18,\"children\":[],\"url\":\"\\/collections\\/summer\",\"key\":3991}",
"image": "",
"title": "summer",
"mobile_image": ""
}