Joel and Aaron dig into Laravel’s `Stringable` class and uncover how it can silently skip Blade’s automatic HTML escaping. They explain why that’s both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll hear practical ways to keep your views safe without losing the API’s fluency.
- (00:00) - Stringable can sidestep Blade escaping
- (03:45) - Dangers of outputting unsanitized HTML
- (05:45) - Defensive strategies for safe rendering
- (08:45) - Silly bit
Sign up for a short, but useful, Laravel tip each day in
our newsletter
Episode 127
