Episode Details


Understanding how Stringable works inside Blade views

Episode 127 Published 11 months, 2 weeks ago
Description

Joel and Aaron dig into Laravel’s `Stringable` class and uncover how it can silently skip Blade’s automatic HTML escaping. They explain why that’s both a convenient feature and a potential security pitfall if user input isn’t properly sanitized. You’ll hear practical ways to keep your views safe without losing the API’s fluency.

  • (00:00) - Stringable can sidestep Blade escaping
  • (03:45) - Dangers of outputting unsanitized HTML
  • (05:45) - Defensive strategies for safe rendering
  • (08:45) - Silly bit
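As an added illustration of the pitfall the episode describes (example code written for this page, not code from the episode, from Joel and Aaron, or from Laravel's own documentation), the PHP script below assumes the mechanism is the following: Blade's `{{ }}` compiles to the `e()` helper, and `e()` returns any value implementing `Illuminate\Contracts\Support\Htmlable` (such as the `HtmlString` that `Stringable::toHtmlString()` produces) without escaping it. The attacker-controlled input string, the `vendor/autoload.php` path and the `illuminate/support` Composer dependency are assumptions made for the example.

```php
<?php
// Added example, not from the podcast. Requires the Laravel support package:
//   composer require illuminate/support
// Assumption: Blade's {{ $x }} compiles to e($x), and e() passes Htmlable
// values (HtmlString among them) through untouched instead of escaping them.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Support\HtmlString;
use Illuminate\Support\Str;

// Constructed, attacker-controlled input, e.g. a profile "bio" field saved
// straight from a form without any sanitisation.
$userInput = '<img src=x onerror="alert(document.cookie)">';

// 1. A plain string. This is what {{ $bio }} does: e() runs htmlspecialchars()
//    on it, so the angle brackets and quotes arrive in the page as entities.
$escapedPlain = e($userInput);

// 2. A fluent Stringable that is still just a string value. e() casts the
//    object to a string and escapes it exactly like case 1, so chaining
//    trim(), limit() and friends on user input stays safe.
$escapedFluent = e(Str::of($userInput)->trim()->limit(200));

// 3. The pitfall. toHtmlString() wraps the value in an HtmlString, which
//    implements Htmlable. e() now returns $value->toHtml() as-is, so the
//    <img onerror=...> payload is emitted verbatim by {{ }} and executes in
//    the victim's browser. Nothing in the template hints that escaping was
//    skipped; the only difference is one method in the chain.
$bypassed = e(Str::of($userInput)->trim()->toHtmlString());

// 4. Hardened pattern: escape the untrusted piece first, then build the markup
//    you control around it, and only mark the *result* as trusted HTML. An
//    HtmlString should only ever wrap content you generated yourself or that
//    has already passed an allow-list HTML sanitiser.
$hardened = e(new HtmlString(
    '<p class="bio">' . e(Str::of($userInput)->trim()->limit(200)) . '</p>'
));

// 5. A cheap guard for code review or a test suite: anything reaching a
//    {{ }} slot from user data must not be Htmlable unless it was sanitised.
function assertNotRawHtml(mixed $value, string $context): void
{
    if ($value instanceof \Illuminate\Contracts\Support\Htmlable) {
        throw new \RuntimeException(
            "Refusing to render Htmlable value built from untrusted data in {$context}"
        );
    }
}

assertNotRawHtml(Str::of($userInput)->trim(), 'profile.bio');          // passes
try {
    assertNotRawHtml(Str::of($userInput)->toHtmlString(), 'profile.bio'); // throws
} catch (\RuntimeException $ex) {
    echo $ex->getMessage(), PHP_EOL;
}

echo "plain:    {$escapedPlain}", PHP_EOL;
echo "fluent:   {$escapedFluent}", PHP_EOL;
echo "bypassed: {$bypassed}", PHP_EOL;
echo "hardened: {$hardened}", PHP_EOL;
```

Reading the output side by side makes the point concrete: cases 1, 2 and 4 print entity-encoded markup, while case 3 prints the raw `<img ...>` tag even though the template author only ever used `{{ }}` and never `{!! !!}`. The practical rule that follows is the same one the episode's "defensive strategies" segment is about: treat `toHtmlString()`, `new HtmlString(...)` and `{!! !!}` as equivalent declarations that a value is trusted, and never apply any of them to data that has not been escaped or sanitised first.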

