XSS filtering
Since v7.0, all dataTable response are encoded to prevent XSS attack. In case you need to display html on your columns, you can use rawColumns
api.
action
column is allowed as raw by default.
Raw Columns
return Datatables::eloquent(Role::select()) ->rawColumns(['name', 'action']) ->make(true);
Other XSS methods
Escape selected fields
return Datatables::eloquent(Role::select()) ->escapeColumns(['name']) ->make(true);
Escape all columns
return Datatables::eloquent(Role::select()) ->escapeColumns() ->make(true);
Remove escaping of all columns
return Datatables::eloquent(Role::select()) ->escapeColumns([]) ->make(true);
Escape by output index
return Datatables::eloquent(Role::select()) ->escapeColumns([0]) ->make();