Closed aleemb closed 7 years ago
Just to be clear, it is desirable to allow messages like
$message = "Your account's <a href='/profile'>profile</a> must be updated";
$message = 'Clean your "act" now';
@edvinaskrucas any luck with this PR? Have been using it in production with no issues.
Prior to Laravel 5.4 it was possible to pass HTML into the notifications which got parsed fine. Since 5.4 this is broken. This particular PR resolves the issue, it would be nice if it could be included in the project.
A previous PR https://github.com/edvinaskrucas/notification/pull/86 escaped quotes. This gave the flexibility of messages to be included in
<script>
tag, however,htmlspecialchars
also encoded<
and>
which means that<a>, <b>
etc tags in messages would no longer work. The fix is to encode then decode everything except quotes. The result is that only quotes will be encoded. This seems like the sanest approach http://stackoverflow.com/a/1364961/50475