DiscoverNo CompromisesUnderstanding how Stringable works inside Blade views
Understanding how Stringable works inside Blade views

Understanding how Stringable works inside Blade views

Update: 2025-05-24
Share

Description

Joel and Aaron dig into Laravel’s `Stringable` class and uncover how it can silently skip Blade’s automatic HTML escaping. They explain why that’s both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll hear practical ways to keep your views safe without losing the API’s fluency.

  • (00:00 ) - Stringable can sidestep Blade escaping

  • (03:45 ) - Dangers of outputting unsanitized HTML

  • (05:45 ) - Defensive strategies for safe rendering

  • (08:45 ) - Silly bit


Sign up for a short, but useful, Laravel tip each day in our newsletter
Comments 
In Channel
When building a UI makes more sense than bloating your seeders

When building a UI makes more sense than bloating your seeders

2025-08-3011:49

Blade includes vs components: how we decide

Blade includes vs components: how we decide

2025-08-1615:55

Changing your mind about when() and unless() in Eloquent

Changing your mind about when() and unless() in Eloquent

2025-08-0211:02

Finding a code-review style that fits your brain

Finding a code-review style that fits your brain

2025-07-1916:20

Never take hostages: give clients control from day one

Never take hostages: give clients control from day one

2025-07-0510:55

Balancing test coverage without chasing 100 percent

Balancing test coverage without chasing 100 percent

2025-06-2115:41

Exploratory coding when requirements are fuzzy

Exploratory coding when requirements are fuzzy

2025-06-0715:19

Understanding how Stringable works inside Blade views

Understanding how Stringable works inside Blade views

2025-05-2410:58

Finishing up our discussion on not having time

Finishing up our discussion on not having time

2025-05-1011:41

Why “no time” really means “no priority”

Why “no time” really means “no priority”

2025-04-2611:27

When validation can protect your app's performance

When validation can protect your app's performance

2025-04-1212:12

Stick with conventions and avoid overengineering your Laravel app

Stick with conventions and avoid overengineering your Laravel app

2025-03-2908:41

When to bring in outside help

When to bring in outside help

2025-03-1510:57

Why two databases are better than one

Why two databases are better than one

2025-03-0114:49

Dealing with being a beginner again

Dealing with being a beginner again

2025-02-1514:11

Making short demo videos count

Making short demo videos count

2025-02-0109:37

Examining test layering in multi-tenant requests

Examining test layering in multi-tenant requests

2025-01-1813:32

When to step outside of Eloquent's comfort zone

When to step outside of Eloquent's comfort zone

2025-01-0412:28

Feature flags: Temporary tool or permanent solution?

Feature flags: Temporary tool or permanent solution?

2024-12-2110:13

Deciding when to use a new piece of technology

Deciding when to use a new piece of technology

2024-12-0714:26

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Understanding how Stringable works inside Blade views

Understanding how Stringable works inside Blade views

Joel Clermont and Aaron Saray