Displays JSON data in the Blade view, custom escape rules (unconverts “(double quotes) to HTML entities) for frontend resolution
1. The existing code is implemented as follows
"url": "{{ json_encode($item['url_object']) }}",
2. The final generated JSON data structure is as follows:
"url": "{"ID":18,"title":"summer","object":"product_cat","object_id":18,"children":[],"url":"/collections/summer","key":3991}",
3. The Blade {{ }} statement is automatically passed through PHP’s HtmlSpecialChars function to prevent XSS attacks. Therefore, you need {!! !!} to prevent the “(double quotes) from being converted into HTML entities.
"url": "{!! htmlspecialchars(json_encode($item['url_object']), ENT_NOQUOTES | ENT_HTML401) !!}",
4. However, the generated JSON structure is wrong. The reason is that the value of the URL is not escaped. as shown in Figure 1
Figure 1
{
"image": "",
"mobile_image": "",
"url": "{"ID":18,"title":"summer","object":"product_cat","object_id":18,"children":[],"url":"\/collections\/summer","key":3991}",
"title": "summer"
}
5. Use addcslashes — Use the characters in the backslash to escape the characters in C style.
"url": "{!! htmlspecialchars(addcslashes(json_encode($item['url_object']), "\f\n\r\t\\\""), ENT_NOQUOTES | ENT_HTML401) !!}",
6. The generated JSON structure is correct. as shown in Figure 2
Figure 2
{
"url": "{\"ID\":18,\"title\":\"summer\",\"object\":\"product_cat\",\"object_id\":18,\"children\":[],\"url\":\"\\/collections\\/summer\",\"key\":3991}",
"image": "",
"title": "summer",
"mobile_image": ""
}
