Closed BrianWendt closed 6 months ago
I think the e() helper function should be removed from where the 'title' section is defined. Only the Screen class uses that view and the $name is set via a method that is strictly typed as a string. The @yield directive already escapes strings, which I think is causing the problem. With that in mind, I think removing the e() shouldn't cause any security vulnerability.
Yes, I think that escaping was unnecessary. I suggest upgrading to the latest version to fix this issue.
Describe the bug
Screen name() with an apostrophe gets escaped, causing & # 0 3 9 ; to appear instead. (Spaces added because markdown decodes the & # 0 3 9 ; as an apostrophe.)
To Reproduce
Steps to reproduce the behavior:
name() method return "You're testing this"
Expected behavior
I expect the title and header to read "You're testing this" but it returns "You& # 0 3 9 ;re testing this"
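The double escaping discussed in this issue, as an added example that is not part of the original thread or the project's code. `escape_html()` is a hypothetical stand-in that uses the same `htmlspecialchars()` flags as Laravel's `e()` helper, `browser_render()` is a hypothetical approximation of a browser decoding entities in text content, and the sample strings are constructed.

```php
<?php
// Added illustration; not code from the project or the thread.
// escape_html() is a hypothetical stand-in that uses the same
// htmlspecialchars() flags as Laravel's e() helper.
function escape_html(string $value, bool $doubleEncode = true): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Hypothetical helper: approximates how a browser decodes entities in
// text content (exactly one level of decoding).
function browser_render(string $html): string
{
    return html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: the title from the report and a markup string.
$samples = ["You're testing this", '<script>alert(1)</script>'];

foreach ($samples as $raw) {
    $once  = escape_html($raw);          // escaped at one layer only
    $twice = escape_html($once);         // escaped again by a second layer
    $idem  = escape_html($once, false);  // second pass with double_encode off

    echo "raw:            $raw\n";
    echo "escaped once:   $once\n";
    echo "escaped twice:  $twice\n";
    echo "2nd pass, no double-encode: $idem\n";

    // A single pass round-trips to the original text when rendered.
    var_dump(browser_render($once) === $raw);
    // A double pass renders the entity itself, which is the reported symptom.
    var_dump(browser_render($twice) === $once);
    // The once-escaped form carries no raw angle bracket or quote into the HTML.
    var_dump(strpbrk($once, "<>'\"") === false);
    echo "\n";
}
```

The once-escaped string is already inert as HTML text, so dropping the second escaping layer changes what is displayed without letting markup through.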