Allow HTML while still escaping quotes for JS code

edvinaskrucas / notification

Notification package for Laravel

MIT License

526 stars 98 forks source link

Allow HTML while still escaping quotes for JS code #86

Closed aleemb closed 7 years ago

aleemb commented 7 years ago

There was a previous PR which allowed for the message to be included in <script> and other places by adding slashes. The correct method to use here is not htmlspecialchars but addslashes which also allows HTML to continue to work as the former converts < and > to HTML entities.

aleemb commented 7 years ago

Needs some more testing. Please ignore for now.