xss.md

File metadata and controls

51 lines (39 loc) · 984 Bytes

XSS filtering

Since v7.0, every DataTables response is HTML-encoded to prevent XSS attacks. If you need to render HTML in a column, use the rawColumns API to opt that column out of encoding.

The action column is allowed as raw by default.

Raw Columns

```php
return DataTables::eloquent(Role::select())
    ->rawColumns(['name', 'action'])
    ->toJson();
```

Other XSS methods

Escape selected fields

```php
return DataTables::eloquent(Role::select())
    ->escapeColumns(['name'])
    ->toJson();
```

Escape all columns

```php
return DataTables::eloquent(Role::select())
    ->escapeColumns()
    ->toJson();
```

Remove escaping of all columns

```php
return DataTables::eloquent(Role::select())
    ->escapeColumns([])
    ->toJson();
```

Escape by output index

```php
return DataTables::eloquent(Role::select())
    ->escapeColumns([0])
    ->make();
```
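The snippets above show the two switches in isolation; the example below, added here and not part of the package's own documentation, puts them in a Laravel controller so the defensive pattern is visible: only the `action` column is marked raw, and any user-controlled value that ends up inside that raw column is escaped by hand with Laravel's `e()` helper, because `rawColumns()` turns the package's encoding off for the whole column. It assumes a `Role` Eloquent model with a `name` attribute and a hypothetical `roles.edit` route; those names are assumptions, not taken from the page.

```php
<?php
// Added example (not the project's own code). Assumes a Laravel application with
// yajra/laravel-datatables >= 7 installed, an Eloquent `Role` model that has a
// `name` column, and a named route `roles.edit` (hypothetical).

namespace App\Http\Controllers;

use App\Models\Role;
use Illuminate\Http\JsonResponse;
use Yajra\DataTables\Facades\DataTables;

class RoleController extends Controller
{
    /**
     * Response for a table that renders an Edit button per row.
     * `name` stays encoded by the package; only `action` is sent raw.
     */
    public function data(): JsonResponse
    {
        return DataTables::eloquent(Role::query())
            ->addColumn('action', function (Role $role): string {
                // The package will not encode this column (see rawColumns below),
                // so every value that originates from data is escaped here.
                $editUrl = e(route('roles.edit', $role)); // hypothetical route name
                $label   = e($role->name);                // user-controlled text

                return "<a href=\"{$editUrl}\" class=\"btn btn-sm\">Edit {$label}</a>";
            })
            // Allow-list: only 'action' is rendered unescaped.
            ->rawColumns(['action'])
            ->toJson();
    }

    /**
     * Same table expressed the other way round: an explicit list of the
     * columns that must be encoded. Columns not named here are sent raw,
     * so this form needs more care when new columns are added later.
     */
    public function dataWithExplicitEscaping(): JsonResponse
    {
        return DataTables::eloquent(Role::query())
            ->addColumn('action', fn (Role $role): string =>
                '<a href="' . e(route('roles.edit', $role)) . '">Edit</a>')
            ->escapeColumns(['name'])
            ->toJson();
    }
}
```

Prefer the `rawColumns()` form in new code: it names the exceptions, so a column added to the query later is encoded unless someone deliberately lists it. With `escapeColumns([...])` the default flips, and a forgotten column ships unencoded.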