
Escaping fields

Open AiAe opened this issue 1 year ago • 0 comments

Any specific reason why the library is not escaping fields?

Since we are required to allow HTML from

{!! seo()->for($SEOData) !!}

Then when I provide, for example, custom content like title/description, and it contains any HTML, it will render it.

For example:

'SEOData' => new SEOData(
    title: 'Something</title><h1>test</h1><title></title>',
    description: '',
),

This will render the test on top of the page.

Sure, I can solve the problem by adding e('string') everywhere, but it's a risk if someone forgets.

AiAe, Apr 01 '23 20:04
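
One way to avoid depending on every caller remembering e(), shown as an added example (not code from the issue or from laravel-seo): escape all string fields in a single helper before they reach the unescaped output. `escape_field`, `safe_seo_fields` and `render_head` are hypothetical names, and `render_head` is a constructed stand-in for head markup printed without escaping.

```php
<?php
declare(strict_types=1);

// Same encoding Laravel's e() helper applies to a plain string.
function escape_field(?string $value): ?string
{
    return $value === null
        ? null
        : htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical single entry point: every string field is escaped here,
// so individual controllers cannot forget to do it.
function safe_seo_fields(array $fields): array
{
    return array_map(
        fn ($v) => is_string($v) ? escape_field($v) : $v,
        $fields
    );
}

// Constructed stand-in for head markup emitted without escaping
// (what {!! ... !!} does with whatever string it is given).
function render_head(array $fields): string
{
    return "<title>{$fields['title']}</title>\n"
         . "<meta name=\"description\" content=\"{$fields['description']}\">";
}

// Constructed input: the title from the issue, plus a description
// containing quotes and markup to exercise attribute escaping.
$untrusted = [
    'title'       => 'Something</title><h1>test</h1><title></title>',
    'description' => 'Say "hi" & <b>bye</b>',
];

// Raw: the title closes the <title> element early and the <h1> becomes markup.
echo "--- raw ---\n", render_head($untrusted), "\n\n";

// Escaped: the same characters arrive as &lt; &gt; &quot; &amp; and stay text.
echo "--- escaped once, centrally ---\n",
     render_head(safe_seo_fields($untrusted)), "\n";
```

If the rendering layer ever escapes these fields itself, values passed through the helper would be encoded twice, so the escaping should live in exactly one place.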