HiveBrain v1.2.0
Get Started
← Back to all entries
snippetphplaravelMinor

Let users create custom blade templates

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
createbladecustomtemplatesletusers

Problem

Problem: I need to let my web-app users create their own blade layouts. The content shall change based on what is in the database, hence their layouts should become dynamic in nature. With only the content parts changing and layout different as customized by the user.

Solution: Save the user's layout code into a database column.

//Then In controller
//$templateInDatabase = content from database column, which contains user's custom layout code

$content = View::make('final',compact('data'));
$token = "", $content, $templateInDatabase);
$view = str_replace_first("", $token, $view);
$view = str_replace_first("", $scripts, $view);

return $view;


The user shall be required to include the three ` tags in the template code.
The benefits are that there is no server side code execution, hence added security. Cache problems minimize as the
final and final_scripts` blade templates can be cached. But the string replacements add extra effort.

How bad is this solution?

Solution

Ensure template contains required tags

The user shall be made to include the three ` tags in the template code.

It is difficult to know since the code to save the templates is not present - Maybe that code already validates that those tags are included (and perhaps exist only once) but if not then it might be wise to ensure that validation exists before a template can be saved.
Blade templates can execute plain PHP blocks

The benefits are that there is no server side code execution, hence added security.

Laravel 5.3 was released on August 23, 2016, slightly more than a month after this code was posted. Maybe you are aware of this already- starting with the documentation for version 5.3, there has been mention of the
@php directive “to execute a block of plain PHP within your template”.
$token is an unterminated HTML <meta tag

The assignment for
$token is:

$token = "<meta name='_token' content='" . csrf_token() ."'";


One would expect that tag to be terminated:

$token = "";


Three function calls could be simplified with one

Obviously it is a micro-optimization and might likely require additional lines of code, it would be more efficient to call
str_replace() with arrays for the first two parameters instead of calling str_replace_first() three times. This would allow for $view to be assigned only once and thus not over-written. Bearing in mind that str_replace_first()` would only replace the first occurrence, the template should only contain one instance of each custom tag anyway, lest any redundant tags persist and not be interpreted correctly.

Code Snippets

$token = "<meta name='_token' content='" . csrf_token() ."'";
$token = "<meta name='_token' content='" . csrf_token() ."'>";

Context

StackExchange Code Review Q#134992, answer score: 2

Revisions (0)

No revisions yet.