Categories: javascript, php, jquery, ajax, laravel

Laravel data to javascript could this be insecure and an open vulnerability?

2 answers

I have this method in the controller:

$ep = new Enterprise;
$d = new Chat;
$dataDao = new Data2;
$model = new Data;
$empresa = $ep->getEnterprise();
$tmp_talent = new Talent();
$nm = $d->all($request->session()->get('user')->email);
$data = [
    0 => $empresa,
    'vacantes' => $tmp_talent->getOpenJobsXTalent($request->session()->get('user')->email),
    "messages" => $nm,
    "userId" => $dataDao->getMyUserId(),
    "categories" => $model->getCategories(),
    //"subcategories" => $model->getSubCategories()
];
return view('chat.dash')->with('data', $data);

And this is their corresponding resource file:

<script>
    var allMessages = {!! json_encode($data['messages']) !!};
</script>

My question is whether this can represent a vulnerability that an attacker could use to do damage to my site or to my end users.

All answers to this question, which has the identifier 61212202

The best answer:

You’re displaying unescaped data, which shouldn’t be used for displaying users’ entries.

You are using json here so you want to use @json()

Or

<?php echo json_encode($array); ?>; 

Laravel docs

Those data could be a vulnerability if they are confidential and you also have an XSS vulnerability which allows an attacker to get them.
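The following standalone PHP script is an added example, not code from the question or from either answer. It reconstructs what the two Blade forms discussed above emit for the same chat messages, `{!! json_encode($data['messages']) !!}` versus `@json($data['messages'])`, and checks which HTML-significant characters survive into the output. It assumes that Laravel's `@json` directive calls `json_encode()` with `JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT` when no flags are passed, so it makes that call directly; the message contents are constructed for the demonstration.

```php
<?php
// Added example (not from the question or answers): what {!! json_encode() !!}
// emits versus what @json emits, and in which HTML context each one breaks.
// Run with: php example.php
//
// Assumption: Laravel's @json directive uses these json_encode flags by
// default, so calling json_encode with them reproduces its output.
const JSON_DIRECTIVE_FLAGS = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT;

// Constructed chat messages; the second body is the kind of user-supplied
// text that the question's $data['messages'] would carry through unchanged.
$messages = [
    ['from' => 'alice',   'body' => 'see you at 5'],
    ['from' => 'mallory', 'body' => "it's </script><b>&</b> \"x\""],
];

// Equivalent of {!! json_encode($data['messages']) !!}
function encodeUnescaped(array $messages): string
{
    return json_encode($messages);
}

// Equivalent of @json($data['messages']) under the assumption above
function encodeLikeJsonDirective(array $messages): string
{
    return json_encode($messages, JSON_DIRECTIVE_FLAGS);
}

// Which HTML-significant characters survive raw into the JSON text.
// json_encode escapes "/" by default, so "</script>" comes out as
// "<\/script>" and a <script> block is not closed early; but < > & and '
// all pass through untouched. Structural "..." quotes are always present
// in JSON, so they are not checked here.
function rawHtmlMetacharsIn(string $json): array
{
    $found = [];
    foreach (['<', '>', '&', "'"] as $ch) {
        if (strpos($json, $ch) !== false) {
            $found[] = $ch;
        }
    }
    return $found;
}

// Context 1: inside <script>, as in the question's view.
function renderScript(string $json): string
{
    return "<script>var allMessages = {$json};</script>";
}

// Context 2: inside a single-quoted attribute, e.g.
// <div data-messages='{!! json_encode($data['messages']) !!}'>.
// A "'" inside a message closes the attribute under default json_encode;
// with JSON_HEX_APOS it is emitted as \u0027 and the attribute stays intact.
function renderAttribute(string $json): string
{
    return "<div data-messages='{$json}'></div>";
}

// Crude check for context 2: the markup must contain exactly the two
// delimiting apostrophes and no others.
function attributeIsIntact(string $html): bool
{
    return substr_count($html, "'") === 2;
}

$variants = [
    'unescaped' => encodeUnescaped($messages),
    '@json'     => encodeLikeJsonDirective($messages),
];

foreach ($variants as $label => $json) {
    echo "== {$label} ==\n";
    echo renderScript($json), "\n";
    echo 'raw metachars: ', implode(' ', rawHtmlMetacharsIn($json)) ?: '(none)', "\n";
    echo 'attribute intact: ', var_export(attributeIsIntact(renderAttribute($json)), true), "\n\n";
}
```

Running it prints the unescaped variant with `<`, `>`, `&` and `'` still raw and the attribute check failing, and the `@json` variant with those characters as `\u003C`, `\u003E`, `\u0026` and `\u0027` and both checks passing. Two caveats follow from the code: the only thing stopping `</script>` from closing the tag in the unescaped variant is the default `\/` escaping, which disappears if someone adds `JSON_UNESCAPED_SLASHES`; and no JSON flag makes the output safe inside a double-quoted HTML attribute, since the structural quotes remain, so in that context the value must go through Blade's escaping `{{ }}` rather than `{!! !!}`.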
