From a22fa61c5349d992f9bb54f281fcd6e0f8ab9956 Mon Sep 17 00:00:00 2001
From: Cristian Tabacitu
Date: Tue, 5 Oct 2021 13:14:23 +0200
Subject: [PATCH 1/4] default to escape true on all column types
---
 src/resources/views/crud/columns/array.blade.php | 2 +-
 src/resources/views/crud/columns/array_count.blade.php | 2 +-
 src/resources/views/crud/columns/closure.blade.php | 2 +-
 src/resources/views/crud/columns/custom_html.blade.php | 2 +-
 src/resources/views/crud/columns/markdown.blade.php | 2 +-
 src/resources/views/crud/columns/model_function.blade.php | 2 +-
 .../views/crud/columns/model_function_attribute.blade.php | 2 +-
 src/resources/views/crud/columns/relationship_count.blade.php | 4 ++--
 src/resources/views/crud/columns/textarea.blade.php | 2 +-
 9 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/resources/views/crud/columns/array.blade.php b/src/resources/views/crud/columns/array.blade.php
index d577c84bea..b2dc5b9f3c 100644
--- a/src/resources/views/crud/columns/array.blade.php
+++ b/src/resources/views/crud/columns/array.blade.php
@@ -1,7 +1,7 @@
 {{-- enumerate the values in an array --}}
 @php
 $value = data_get($entry, $column['name']);
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
diff --git a/src/resources/views/crud/columns/array_count.blade.php b/src/resources/views/crud/columns/array_count.blade.php
index d2ae7afb05..26cadda694 100644
--- a/src/resources/views/crud/columns/array_count.blade.php
+++ b/src/resources/views/crud/columns/array_count.blade.php
@@ -2,7 +2,7 @@
 @php
 $array = data_get($entry, $column['name']);
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? 'items';
 $column['text'] = '-';
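Review bot: The `$column['escaped'] ?? true` default in `array.blade.php` is repeated verbatim in the eight other views of this patch, and none of them says what opting out means. Since `'escaped' => false` presumably sends the value to the page unencoded, I would add a comment next to each default, e.g. `// escaped unless the column sets 'escaped' => false; only do that for trusted or already-sanitised HTML`. The branch that reads `escaped` lies outside these hunks (only `relationship_count.blade.php` shows its `{!! !!}` tail), so confirm that each view really routes the escaped case through `{{ }}`. Existing columns whose closure or model function returns markup will start showing it as text after this change, which belongs in the upgrade notes.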
diff --git a/src/resources/views/crud/columns/closure.blade.php b/src/resources/views/crud/columns/closure.blade.php
index 7b35d8a3cf..912db0c6ee 100644
--- a/src/resources/views/crud/columns/closure.blade.php
+++ b/src/resources/views/crud/columns/closure.blade.php
@@ -1,6 +1,6 @@
 {{-- closure function column type --}}
 @php
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['text'] = $column['function']($entry);
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
diff --git a/src/resources/views/crud/columns/custom_html.blade.php b/src/resources/views/crud/columns/custom_html.blade.php
index 41da9578b8..653779ac79 100644
--- a/src/resources/views/crud/columns/custom_html.blade.php
+++ b/src/resources/views/crud/columns/custom_html.blade.php
@@ -1,6 +1,6 @@
 @php
 $column['text'] = $column['value'] ?? '';
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
diff --git a/src/resources/views/crud/columns/markdown.blade.php b/src/resources/views/crud/columns/markdown.blade.php
index 0c1ae79d00..101f9bb2ab 100644
--- a/src/resources/views/crud/columns/markdown.blade.php
+++ b/src/resources/views/crud/columns/markdown.blade.php
@@ -1,6 +1,6 @@
 @php
 $column['text'] = Illuminate\Mail\Markdown::parse($entry->{$column['name']} ?? '');
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
diff --git a/src/resources/views/crud/columns/model_function.blade.php b/src/resources/views/crud/columns/model_function.blade.php
index 1aaf440d7f..4052058731 100644
--- a/src/resources/views/crud/columns/model_function.blade.php
+++ b/src/resources/views/crud/columns/model_function.blade.php
@@ -2,7 +2,7 @@
 @php
 $value = $entry->{$column['function_name']}(...($column['function_parameters'] ?? []));
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['limit'] = $column['limit'] ?? 40;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
diff --git a/src/resources/views/crud/columns/model_function_attribute.blade.php b/src/resources/views/crud/columns/model_function_attribute.blade.php
index 0a1c81bff1..f36551ecdd 100644
--- a/src/resources/views/crud/columns/model_function_attribute.blade.php
+++ b/src/resources/views/crud/columns/model_function_attribute.blade.php
@@ -3,7 +3,7 @@
 $model_function = $entry->{$column['function_name']}(...($column['function_parameters'] ?? []));
 $value = $model_function ? $model_function->{$column['attribute']} : '';
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['limit'] = $column['limit'] ?? 40;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
diff --git a/src/resources/views/crud/columns/relationship_count.blade.php b/src/resources/views/crud/columns/relationship_count.blade.php
index bc4ece4ecb..870e0eeb4c 100644
--- a/src/resources/views/crud/columns/relationship_count.blade.php
+++ b/src/resources/views/crud/columns/relationship_count.blade.php
@@ -2,7 +2,7 @@
 @php
 $value = data_get($entry, $column['name'])->count();
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? ' items';
 $column['text'] = '';
@@ -20,4 +20,4 @@
 {!! $column['text'] !!}
 @endif
 @includeWhen(!empty($column['wrapper']), 'crud::columns.inc.wrapper_end')
-
\ No newline at end of file
+
diff --git a/src/resources/views/crud/columns/textarea.blade.php b/src/resources/views/crud/columns/textarea.blade.php
index 61fbd6f2bf..86cb07bb44 100644
--- a/src/resources/views/crud/columns/textarea.blade.php
+++ b/src/resources/views/crud/columns/textarea.blade.php
@@ -2,7 +2,7 @@
 @php
 $value = data_get($entry, $column['name']);
 $column['text'] = is_string($value) ? $value : '';
- $column['escaped'] = $column['escaped'] ?? false;
+ $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
From d7a117da49973a24df1fbbea462f8e26abcf0f53 Mon Sep 17 00:00:00 2001
From: Cristian Tabacitu
Date: Fri, 8 Oct 2021 15:23:29 +0300
Subject: [PATCH 2/4] markdown column strips out HTML when escaped
---
 .../views/crud/columns/markdown.blade.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/resources/views/crud/columns/markdown.blade.php b/src/resources/views/crud/columns/markdown.blade.php
index 101f9bb2ab..1243e4ac3f 100644
--- a/src/resources/views/crud/columns/markdown.blade.php
+++ b/src/resources/views/crud/columns/markdown.blade.php
@@ -1,8 +1,14 @@
 @php
- $column['text'] = Illuminate\Mail\Markdown::parse($entry->{$column['name']} ?? '');
 $column['escaped'] = $column['escaped'] ?? true;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
+ $column['text'] = $entry->{$column['name']} ?? '';
+
+ // if needed, strip out HTML from the text
+ $column['text'] = $column['escaped'] ? strip_tags($column['text']) : $column['text'];
+
+ // turn the text into markdown
+ $column['text'] = Illuminate\Mail\Markdown::parse($column['text']);
 if(!empty($column['text'])) {
 $column['text'] = $column['prefix'].$column['text'].$column['suffix'];
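Review bot: `strip_tags()` in the first hunk of patch 2/4 runs on the stored text before `Markdown::parse()`, so it is input filtering rather than output encoding: it says nothing about the HTML the parser itself emits, and it also deletes legitimate angle-bracket text such as an HTML snippet quoted inside a code span. Together with the second hunk of this patch, which prints `{!! $column['text'] !!}` unconditionally, `'escaped' => true` no longer escapes anything in this view. At minimum the comment should say so, e.g. `// strip_tags() only removes literal tags from the input; the parsed HTML below is still printed unescaped`. Patch 4/4 on this page removes the call again.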
@@ -10,10 +16,6 @@
 @endphp
 @includeWhen(!empty($column['wrapper']), 'crud::columns.inc.wrapper_start')
- @if($column['escaped'])
- {{ $column['text'] }}
- @else
- {!! $column['text'] !!}
- @endif
+ {!! $column['text'] !!}
 @includeWhen(!empty($column['wrapper']), 'crud::columns.inc.wrapper_end')
From 70c1259cea19e5f417616ae4298ee4f9a219dce2 Mon Sep 17 00:00:00 2001
From: Cristian Tabacitu
Date: Fri, 8 Oct 2021 15:24:24 +0300
Subject: [PATCH 3/4] custom_html column should default to escaped false
---
 src/resources/views/crud/columns/custom_html.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resources/views/crud/columns/custom_html.blade.php b/src/resources/views/crud/columns/custom_html.blade.php
index 653779ac79..41da9578b8 100644
--- a/src/resources/views/crud/columns/custom_html.blade.php
+++ b/src/resources/views/crud/columns/custom_html.blade.php
@@ -1,6 +1,6 @@
 @php
 $column['text'] = $column['value'] ?? '';
- $column['escaped'] = $column['escaped'] ?? true;
+ $column['escaped'] = $column['escaped'] ?? false;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
From cce42501ddd21945b57ea6c3e99123adfe400ad2 Mon Sep 17 00:00:00 2001
From: Cristian Tabacitu
Date: Fri, 19 Nov 2021 10:38:29 +0200
Subject: [PATCH 4/4] remove strip_tags from markdown column
---
 src/resources/views/crud/columns/markdown.blade.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/resources/views/crud/columns/markdown.blade.php b/src/resources/views/crud/columns/markdown.blade.php
index 1243e4ac3f..60e6119451 100644
--- a/src/resources/views/crud/columns/markdown.blade.php
+++ b/src/resources/views/crud/columns/markdown.blade.php
@@ -1,12 +1,9 @@
 @php
- $column['escaped'] = $column['escaped'] ?? true;
+ $column['escaped'] = $column['escaped'] ?? false;
 $column['prefix'] = $column['prefix'] ?? '';
 $column['suffix'] = $column['suffix'] ?? '';
 $column['text'] = $entry->{$column['name']} ?? '';
- // if needed, strip out HTML from the text
- $column['text'] = $column['escaped'] ? strip_tags($column['text']) : $column['text'];
- // turn the text into markdown
 $column['text'] = Illuminate\Mail\Markdown::parse($column['text']);
@@ -16,6 +13,10 @@
 @endphp
 @includeWhen(!empty($column['wrapper']), 'crud::columns.inc.wrapper_start')
- {!! $column['text'] !!}
+ @if($column['escaped'])
+ {{ $column['text'] }}
+ @else
+ {!! $column['text'] !!}
+ @endif
 @includeWhen(!empty($column['wrapper']), 'crud::columns.inc.wrapper_end')
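Review bot: The first hunk of patch 4/4 puts the default back to `?? false`, so the markdown column prints the parser output through `{!! !!}` unless a developer opts in, and nothing in the view says so. Whether `Markdown::parse()` neutralises raw HTML in its input is not visible here (the comment this hunk removes suggests it does not), so the attribute should be treated as trusted or be sanitised before it is stored. With `'escaped' => true`, the `{{ }}` branch restored in the second hunk would presumably encode the parser's own tags, showing markup as text rather than rendered markdown. I would record both at the top of the view, e.g. `{{-- output is NOT escaped by default; use this column only for trusted or pre-sanitised markdown --}}`.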