Categories: javascript, php, jquery, ajax, laravel

Laravel data to JavaScript: could this be insecure and an open vulnerability?

2 answers

I have this method in the controller:

    $ep = new Enterprise;
    $d = new Chat;
    $dataDao = new Data2;
    $model = new Data;
    $empresa = $ep->getEnterprise();
    $tmp_talent = new Talent();
    $nm = $d->all($request->session()->get('user')->email);
    $data = [
        0 => $empresa,
        'vacantes' => $tmp_talent->getOpenJobsXTalent($request->session()->get('user')->email),
        "messages" => $nm,
        "userId" => $dataDao->getMyUserId(),
        "categories" => $model->getCategories(),
        //"subcategories"=>$model->getSubCategories()
    ];
    return view('chat.dash')->with('data', $data);

And this is their corresponding resource file:

    <script>
        var allMessages = {!! json_encode($data['messages']) !!};

My question is whether this can represent a vulnerability that an attacker could use to do damage to my site or to my end users?

Received answers to this question:
The best answer according to the author of the question:

You’re displaying unescaped data, which shouldn’t be used for displaying user entries.

You are using JSON here, so you want to use @json()


<?php echo json_encode($array); ?>; 

Laravel docs

Those data could be a vulnerability if they are confidential and you also have an XSS vulnerability which allows an attacker to get them.
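
The difference between the two encodings discussed in the answers, as an added example that is not part of the original question or answers: it compares the default `json_encode` output produced by `{!! json_encode(...) !!}` with the `JSON_HEX_*` flags that Blade's `@json` directive applies by default, and reports which HTML-significant characters survive in each. The function names and the sample messages are constructed for illustration.

```php
<?php
// Added example: constructed chat messages standing in for $data['messages'].
$messages = [
    ['from' => 'alice@example.test', 'body' => 'Hello & welcome'],
    ['from' => 'bob@example.test',   'body' => '<b>bold</b> it\'s "quoted"'],
];

// What {!! json_encode($data['messages']) !!} writes into the <script> block.
function encodeDefault(array $data): string
{
    return json_encode($data, JSON_THROW_ON_ERROR);
}

// Same flags Blade's @json directive uses by default: <, >, &, ' and "
// inside string values become \uXXXX escapes, so the browser's HTML parser
// never sees markup characters that originate from user data.
function encodeForScript(array $data): string
{
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Lists the HTML-significant characters still present in the encoded text.
// The double quote is not checked because JSON itself uses it as a delimiter.
function htmlSignificantChars(string $json): array
{
    preg_match_all('/[<>&\']/', $json, $m);
    return array_values(array_unique($m[0]));
}

$plain    = encodeDefault($messages);
$hardened = encodeForScript($messages);

echo "default : $plain\n";
echo "  survives: " . implode(' ', htmlSignificantChars($plain)) . "\n";
echo "hardened: $hardened\n";
echo "  survives: " . (implode(' ', htmlSignificantChars($hardened)) ?: '(none)') . "\n";

// Both forms decode to the same data, so the JavaScript side is unaffected.
var_dump(json_decode($plain, true) === json_decode($hardened, true));

// Corresponding Blade line for the view in the question:
//     var allMessages = @json($data['messages']);
```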