6

I need a way to store HTML from a PHP variable in JavaScript.

var contents = "{{ $template }}";

This generates an error however. I guess it's because it's not escaped properly, So it messes up the web browser, because JS cannot store it properly... I've tried Laravel escaping

var contents = "{{ e($template) }}";

without any success.

The end goal is: $('#preview-iframe').contents().find('html').html(contents);

How can I accomplish this?

John
  • 2,900
  • 8
  • 36
  • 65

5 Answers5

11

The double curly brackets {{ }} will always convert special characters to HTML entities. Try using {!! !!} to render the code exactly. However, you will want to make sure you escape the double quotes in the string.

So this:

var contents = "{{ $template }}";

Should be something like:

var contents = "{!! addcslashes($template, '"') !!}";
jon__o
  • 1,509
  • 13
  • 14
3

I used this workaround for the same problem

var contents = atob("{{ base64_encode($contents) }}");

This is very convenient, because you don't have to escape any characters, and you are guaranteed that there won't be any syntax errors with javascript.

One downside is that atob() function is supported in IE10 and up - Source

Mirza Brunjadze
  • 544
  • 4
  • 10
1

You can take a PHP variable value to java script as bellow

<script>
   var jsvariable = <? echo $phpvarialbe ?>;
   console.log(jsvariable)
</script>
bujji
  • 11
  • 2
0

You can try var contents = {{$template->toJSON()}};

boortmans
  • 1,138
  • 2
  • 24
  • 40
  • Why would I want it in json? – John Jun 03 '14 at 09:22
  • Most of the time when I put a variable in JavaScript from my view, I do it this way. But for this purpose it's maybe unnecessary to put it in JSON. I think you just don't need the quotes – boortmans Jun 03 '14 at 09:26
  • 1
    This is actually correct. http://stackoverflow.com/questions/168214/pass-a-php-string-to-a-javascript-variable-and-escape-newlines Just make sure that you are encoding a string. – noia_0328 Jun 03 '14 at 09:31
-1

I came across very similar problem. The problem is that if you use 

var contents = "{{ e($template) }}";

inside your javascript, the parser thinks {{ e($template) }} is the javascript object and not your blade variable. Parentheses inside script block are not treated as blade variable, but as object in JSON format.

My solution was, that I made a template and included it into place of blade variable like this

var contents = '@include("public.default.values.content")';

Then I created file in folder (your views folder)/public/default/values/content.blade.php and added into this template file only one line, your value

{{ e($template) }}

Include is correctly understood by blade parser inside javascript block. This way the blade parser will correctly use your include in javascript code, correctly go to content blade, get the value and save it in you javascript variable.

99problems
  • 534
  • 10
  • 22
  • By default, Blade `{{ }}` statements are **automatically** sent through PHP's htmlentities function to prevent XSS attacks. So, when you write `{{ e($template) }}` you are essentially saying `echo htmlentities(htmlentities($template));` which is not needed. – jon__o Feb 12 '16 at 18:35
  • @jon__o In laravel 4.2, the double curly braces were not escaped. https://laravel.com/docs/4.2/templates You could escape the test with @ character or by using triple braces. The question was raised in 2014 and I replied by in February 2015. In February 2015 was released Laravel 5.0 where they changed this and blade behaves like you describe - so that double braces are escaped. – 99problems Feb 14 '16 at 14:14
  • You are absolutely right! I completely missed the date that this question was posted. I assumed it was new, sorry about that. – jon__o Feb 17 '16 at 20:28