Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helper method te() should return an HtmlString and should always escape every parameters #15

Open
pgrenaud opened this issue Sep 26, 2022 · 2 comments

Comments

@pgrenaud
Copy link

We should avoid using {!! te('key') !!} everywhere and instead always return an HtmlString. We should also always escape all parameters passed in the $replace argument (second argument of the get() method) instead of doing {!! te('key', ['a' => e($input)]) !!} everywhere.

@xel1045
Copy link
Member

xel1045 commented Oct 3, 2022

Indeed, {{ te('key') }} should be used and it's already the supported:

public function getEditor($key, array $replace = [], $locale = null)

For the second feature request (i.e. escaping $replace), I don't think it's a good idea. Since we're only forwarding translations to Laravel's translation getter, I think it's better if we keep trans() and te() aligned.

@xel1045 xel1045 closed this as not planned Won't fix, can't repro, duplicate, stale Oct 3, 2022
@pgrenaud
Copy link
Author

pgrenaud commented Oct 7, 2022

As discussed, getEditor() does return an HtmlString. But, this method is only called when the editor is enabled. When the editor is disabled, getTranslation() is directly called and this method does not return an HtmlString. You did propose to build a blade component to fix this specific issue, but I do not remember exactly how this will resolve it.

@pgrenaud pgrenaud reopened this Oct 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants