From 27ec65c736f45045d3b374282a5f8223d07297ca Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel"
Date: Sun, 27 Oct 2013 10:48:46 +0100
Subject: [PATCH] Escape HTML entities

To prevent HTML being showed instead of the tags. When showing an object with html values, the html was executed instead of shown plain text. See https://github.com/barryvdh/laravel-debugbar/issues/23
---
 src/DebugBar/DataCollector/DataCollector.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/DebugBar/DataCollector/DataCollector.php b/src/DebugBar/DataCollector/DataCollector.php
index 8a8b87d..01ca81d 100644
--- a/src/DebugBar/DataCollector/DataCollector.php
+++ b/src/DebugBar/DataCollector/DataCollector.php
@@ -40,6 +40,8 @@ abstract class DataCollector implements DataCollectorInterface
 }
 } else if (is_object($var)) {
 $var = "Object(" . get_class($var) . ")";
+ }else{
+ $var = htmlentities($var, ENT_QUOTES, 'UTF-8', false);
 }
 return $var;
 }
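Review bot: The added `else` branch passes every value that is not handled above to `htmlentities()`, not only strings, so integers, floats, booleans and `null` come back as strings (`false` and `null` as `''`) and a resource produces a warning or type error depending on the PHP version; narrowing the branch to `} elseif (is_string($var)) {` keeps non-string scalars intact. `htmlentities()` also returns an empty string when the input is not valid UTF-8, so a binary or mis-encoded value silently disappears from the debug output; `ENT_QUOTES | ENT_SUBSTITUTE` avoids that where the supported PHP version has the flag. With the last argument `false`, a value that already contains an entity such as `&lt;` is displayed as `<`, which is safe but no longer the literal value being debugged. The function starts above the hunk, so whether array keys in the earlier branch are escaped cannot be seen from here; they presumably reach the same HTML output and are worth checking.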