Skip to content

XSS filtering

Since v7.0, all dataTable response are encoded to prevent XSS attack. In case you need to display html on your columns, you can use rawColumns api.

action column is allowed as raw by default.

Raw Columns

return DataTables::eloquent(Role::select())
->rawColumns(['name', 'action'])
->toJson();

Other XSS methods

Escape selected fields

return DataTables::eloquent(Role::select())
->escapeColumns(['name'])
->toJson();

Escape all columns

return DataTables::eloquent(Role::select())
->escapeColumns()
->toJson();

Remove escaping of all columns

return DataTables::eloquent(Role::select())
->escapeColumns([])
->toJson();

Escape by output index

return DataTables::eloquent(Role::select())
->escapeColumns([0])
->make();