
Support html messages on MessagesCollector

Open erikn69 opened this issue 10 months ago • 3 comments

From https://github.com/barryvdh/laravel-debugbar/issues/1654#issuecomment-2637599284

Unfortunately, no URLs allowed

Debugbar::getCollector('Quick Links')->addMessage('<a href="https://google.com">Test</a>');

Now:

Debugbar::getCollector('Quick Links')->addMessage('<a href="https://google.com">Test</a>', 'links', false);

erikn69 avatar Feb 07 '25 16:02 erikn69

Wouldn't this lead to possible XSS? Although the parameter should be given explicitly.

barryvdh avatar Feb 07 '25 19:02 barryvdh

The third argument must be sent as false; by default it is true. Basically, you have to force the printing of HTML. Also, this package should only be used for development, not in production, but if it is a security risk it would be better to discard this PR.

erikn69 avatar Feb 07 '25 19:02 erikn69
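
On the XSS question above: once the third argument is `false`, the message is printed as HTML, so any request data or other untrusted value placed in it has to be escaped by the caller. The following is an added example, not code from php-debugbar or from the participants in this thread; `quickLink()` is a hypothetical helper, the sample inputs are constructed, and the `addMessage(..., 'links', false)` call is the one shown in this thread.

```php
<?php
declare(strict_types=1);

/**
 * Build an <a> element that is safe to hand to addMessage() when the
 * third argument is false (raw HTML output).
 * quickLink() is a hypothetical helper, not part of php-debugbar.
 */
function quickLink(string $url, string $label): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // Accept only well-formed absolute http(s) URLs. Anything else
    // (javascript:, data:, relative or malformed input) is not linked.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)
        || filter_var($url, FILTER_VALIDATE_URL) === false) {
        // Fall back to the escaped label as plain text, with no markup.
        return htmlspecialchars($label, $flags, 'UTF-8');
    }

    // Escape both the attribute value and the link text, so quotes or
    // angle brackets in either one cannot close the tag or the attribute.
    return sprintf(
        '<a href="%s" rel="noopener noreferrer">%s</a>',
        htmlspecialchars($url, $flags, 'UTF-8'),
        htmlspecialchars($label, $flags, 'UTF-8')
    );
}

// Constructed sample inputs: a fixed link, a URL carrying markup in its
// query string, and a non-http scheme with markup in the label.
$samples = [
    ['https://google.com', 'Test'],
    ['https://example.test/?q="><script>alert(1)</script>', 'Search'],
    ['javascript:alert(1)', '<img src=x onerror=alert(1)>'],
];

foreach ($samples as [$url, $label]) {
    echo quickLink($url, $label), PHP_EOL;
    // With the collector from this thread, the same string would be passed as:
    // Debugbar::getCollector('Quick Links')->addMessage(quickLink($url, $label), 'links', false);
}
```
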

You could also use the third argument to indicate that it should be formatted to a specific lang for highlightjs. Here is an example indicating xml:

->addMessage("<?xml version='1.0' encoding='UTF-8'?>\n<iva>\n\t<TypoIDInfor>R</TypoIDInfor>\n\t<IdInfor>0000</IdInfor>\n\t<rSocial>BM SA</rSocial>\n\t<year>2025</year>\n\t<month>01</month>\n</iva>", 'data', 'xml');

erikn69 avatar Feb 18 '25 20:02 erikn69